Vulnerabilities > CVE-2019-12818 - NULL Pointer Dereference vulnerability in Linux Kernel

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
linux
CWE-476
nessus

Summary

An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.

Vulnerable Configurations

Part Description Count
OS
Linux
4072

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1829-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126691
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126691
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1829-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126691);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2018-16871", "CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to
    receive various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-10638: Attackers used to be able to track the Linux kernel by
    the IP ID values the kernel produces for connection-less protocols.
    When such traffic was sent to multiple destination IP addresses, it
    was possible to obtain hash collisions (of indices to the counter
    array) and thereby obtain the hashing key (via enumeration). An attack
    could have been conducted by hosting a crafted web page that uses
    WebRTC or gQUIC to force UDP traffic to attacker-controlled IP
    addresses. [bnc#1140575]
    
    CVE-2019-10639: The Linux kernel used to allow Information Exposure
    (partial kernel address disclosure), leading to a KASLR bypass.
    Specifically, it was possible to extract the KASLR kernel image offset
    using the IP ID values the kernel produces for connection-less
    protocols. When such traffic was sent to multiple destination IP
    addresses, it was possible to obtain hash collisions (of indices to
    the counter array) and thereby obtain the hashing key (via
    enumeration). This key contains enough bits from a kernel address (of
    a static variable) so when the key was extracted (via enumeration),
    the offset of the kernel image was exposed. This attack could be
    carried out remotely by the attacker forcing the target device to send
    UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a
    server to send UDP traffic is trivial if the server is a DNS server.
    ICMP traffic is trivial if the server answers ICMP Echo requests
    (ping). For client targets, if the target visits the attacker's web
    page, then WebRTC or gQUIC can be used to force UDP traffic to
    attacker-controlled IP addresses. [bnc#1140577]
    
    CVE-2018-20836: A race condition used to exist in smp_task_timedout()
    and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to
    a use-after-free. [bnc#1134395]
    
    CVE-2019-10126: A heap-based buffer overflow in the wireless driver
    code was fixed. This issue might have lead to memory corruption and
    possibly other consequences. [bnc#1136935]
    
    CVE-2019-11599: The coredump implementation did not use locking or
    other mechanisms to prevent vma layout or vma flags changes while it
    ran, which allowed local users to obtain sensitive information, cause
    a denial of service, or possibly have unspecified other impact by
    triggering a race condition with mmget_not_zero or get_task_mm calls.
    [bnc#1131645].
    
    CVE-2019-12614: There was an unchecked kstrdup of prop->name on
    PowerPC platforms, which allowed an attacker to cause a denial of
    service (NULL pointer dereference and system crash). [bnc#1137194]
    
    CVE-2018-16871: A flaw was found in the NFS implementation. An
    attacker who was able to mount an exported NFS filesystem was able to
    trigger a NULL pointer dereference by an invalid NFS sequence. This
    could panic the machine and deny access to the NFS server. Any
    outstanding disk writes to the NFS server will were lost.
    [bnc#1137103]
    
    CVE-2019-12819: The function __mdiobus_register() used to call
    put_device(), which would trigger a fixed_mdio_bus_init use-after-free
    error. This would cause a denial of service. [bnc#1138291]
    
    CVE-2019-12818: The nfc_llcp_build_tlv function in
    net/nfc/llcp_commands.c may return NULL. If the caller did not check
    for this, it could trigger a NULL pointer dereference. This would
    cause denial of service. [bnc#1138293]
    
    CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()
    allowed local users to cause a denial of service or possibly have
    unspecified other impact by changing the value of ioc_number between
    two kernel reads of that value, aka a 'double fetch' vulnerability.
    [bsc#1136922]
    
    CVE-2019-12380: An issue was in the EFI subsystem existed that
    mishandled memory allocation failures. Note, however, that all
    relevant code runs only at boot-time, before any user processes are
    started. Therefore, there was no possibility for an unprivileged user
    to exploit this issue. [bnc#1136598]
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1098633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109137"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119532"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1124167"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128910"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133401"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136157"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138002"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138375"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139771"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140328"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140637"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140719"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140726"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16871/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10638/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10639/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11599/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12380/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12614/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12818/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12819/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191829-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3bab832d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Public Cloud 15:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-15-2019-1829=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1829=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20836");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cluster-md-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dlm-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gfs2-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-livepatch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ocfs2-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"cluster-md-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"dlm-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"dlm-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"gfs2-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"gfs2-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-base-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-debugsource-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-devel-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-devel-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-extra-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-extra-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-azure-livepatch-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-syms-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kselftests-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kselftests-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"ocfs2-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"reiserfs-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"cluster-md-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"cluster-md-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"dlm-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"dlm-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"gfs2-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"gfs2-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-base-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-debugsource-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-devel-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-devel-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-extra-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-extra-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-azure-livepatch-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-syms-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kselftests-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kselftests-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"ocfs2-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"ocfs2-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"reiserfs-kmp-azure-4.12.14-5.33.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"reiserfs-kmp-azure-debuginfo-4.12.14-5.33.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1870-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-5390 aka
    last seen2020-06-01
    modified2020-06-02
    plugin id126811
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126811
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1870-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126811);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2018-20836", "CVE-2018-5390", "CVE-2018-7191", "CVE-2019-11478", "CVE-2019-11487", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with
    relatively low bandwidth could have caused lots of CPU usage by
    triggering the worst case scenario during IP and/or TCP fragment
    reassembly (bsc#1102340)
    
    CVE-2018-7191: In the tun subsystem in the Linux kernel,
    dev_get_valid_name was not called before register_netdevice. This
    allowed local users to cause a denial of service (NULL pointer
    dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
    containing a / character. (bnc#1135603)
    
    CVE-2018-20836: A race condition in smp_task_timedout() and
    smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead
    to a use-after-free. (bnc#1134395)
    
    CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to
    cause denial of service (a NULL pointer dereference and system crash).
    (bnc#1137194)
    
    CVE-2019-12818: The nfc_llcp_build_tlv function in
    net/nfc/llcp_commands.c may have returned NULL. If the caller did not
    check for this, it would trigger a NULL pointer dereference. This
    would cause denial of service. (bnc#1138293)
    
    CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()
    allowed local users to cause a denial of service or possibly have
    unspecified other impact by changing the value of ioc_number between
    two kernel reads of that value, aka a 'double fetch' vulnerability.
    (bsc#1136922)
    
    CVE-2019-11487: An attacker could have triggered use-after-free via
    page reference count overflow on slow filesystems with at least of 140
    GiB of RAM available. (bnc#1133190)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102340"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1130159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-5390/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7191/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12614/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12818/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ce50e84b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-1870=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-1870=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2019-1870=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-default-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.118.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.118.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4118-1.NASL
    descriptionIt was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id128478
    published2019-09-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128478
    titleUbuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4118-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128478);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/24 11:30:51");
    
      script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
      script_xref(name:"USN", value:"4118-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the alarmtimer implementation in the Linux
    kernel contained an integer overflow vulnerability. A local attacker
    could use this to cause a denial of service. (CVE-2018-13053)
    
    Wen Xu discovered that the XFS filesystem implementation in the Linux
    kernel did not properly track inode validations. An attacker could use
    this to construct a malicious XFS image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13093)
    
    Wen Xu discovered that the f2fs file system implementation in the
    Linux kernel did not properly validate metadata. An attacker could use
    this to construct a malicious f2fs image that, when mounted, could
    cause a denial of service (system crash). (CVE-2018-13096,
    CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100,
    CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)
    
    Wen Xu and Po-Ning Tseng discovered that btrfs file system
    implementation in the Linux kernel did not properly validate metadata.
    An attacker could use this to construct a malicious btrfs image that,
    when mounted, could cause a denial of service (system crash).
    (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,
    CVE-2018-14613)
    
    Wen Xu discovered that the HFS+ filesystem implementation in the Linux
    kernel did not properly handle malformed catalog data in some
    situations. An attacker could use this to construct a malicious HFS+
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-14617)
    
    Vasily Averin and Pavel Tikhomirov discovered that the cleancache
    subsystem of the Linux kernel did not properly initialize new files in
    some situations. A local attacker could use this to expose sensitive
    information. (CVE-2018-16862)
    
    Hui Peng and Mathias Payer discovered that the Option USB High Speed
    driver in the Linux kernel did not properly validate metadata received
    from the device. A physically proximate attacker could use this to
    cause a denial of service (system crash). (CVE-2018-19985)
    
    Hui Peng and Mathias Payer discovered that the USB subsystem in the
    Linux kernel did not properly handle size checks when handling an
    extra USB descriptor. A physically proximate attacker could use this
    to cause a denial of service (system crash). (CVE-2018-20169)
    
    Zhipeng Xie discovered that an infinite loop could triggered in the
    CFS Linux kernel process scheduler. A local attacker could possibly
    use this to cause a denial of service. (CVE-2018-20784)
    
    It was discovered that a use-after-free error existed in the block
    layer subsystem of the Linux kernel when certain failure conditions
    occurred. A local attacker could possibly use this to cause a denial
    of service (system crash) or possibly execute arbitrary code.
    (CVE-2018-20856)
    
    Eli Biham and Lior Neumann discovered that the Bluetooth
    implementation in the Linux kernel did not properly validate elliptic
    curve parameters during Diffie-Hellman key exchange in some
    situations. An attacker could use this to expose sensitive
    information. (CVE-2018-5383)
    
    It was discovered that the Intel wifi device driver in the Linux
    kernel did not properly validate certain Tunneled Direct Link Setup
    (TDLS). A physically proximate attacker could use this to cause a
    denial of service (wifi disconnect). (CVE-2019-0136)
    
    It was discovered that a heap buffer overflow existed in the Marvell
    Wireless LAN device driver for the Linux kernel. An attacker could use
    this to cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2019-10126)
    
    It was discovered that the Bluetooth UART implementation in the Linux
    kernel did not properly check for missing tty operations. A local
    attacker could use this to cause a denial of service. (CVE-2019-10207)
    
    Amit Klein and Benny Pinkas discovered that the Linux kernel did not
    sufficiently randomize IP ID values generated for connectionless
    networking protocols. A remote attacker could use this to track
    particular Linux devices. (CVE-2019-10638)
    
    Amit Klein and Benny Pinkas discovered that the location of kernel
    addresses could exposed by the implementation of connection-less
    network protocols in the Linux kernel. A remote attacker could
    possibly use this to assist in the exploitation of another
    vulnerability in the Linux kernel. (CVE-2019-10639)
    
    Adam Zabrocki discovered that the Intel i915 kernel mode graphics
    driver in the Linux kernel did not properly restrict mmap() ranges in
    some situations. A local attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2019-11085)
    
    It was discovered that an integer overflow existed in the Linux kernel
    when reference counting pages, leading to potential use-after-free
    issues. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-11487)
    
    Jann Horn discovered that a race condition existed in the Linux kernel
    when performing core dumps. A local attacker could use this to cause a
    denial of service (system crash) or expose sensitive information.
    (CVE-2019-11599)
    
    It was discovered that a NULL pointer dereference vulnerability
    existed in the LSI Logic MegaRAID driver in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-11810)
    
    It was discovered that a race condition leading to a use-after-free
    existed in the Reliable Datagram Sockets (RDS) protocol implementation
    in the Linux kernel. The RDS protocol is blacklisted by default in
    Ubuntu. If enabled, a local attacker could use this to cause a denial
    of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-11815)
    
    It was discovered that the ext4 file system implementation in the
    Linux kernel did not properly zero out memory in some situations. A
    local attacker could use this to expose sensitive information (kernel
    memory). (CVE-2019-11833)
    
    It was discovered that the Bluetooth Human Interface Device Protocol
    (HIDP) implementation in the Linux kernel did not properly verify
    strings were NULL terminated in certain situations. A local attacker
    could use this to expose sensitive information (kernel memory).
    (CVE-2019-11884)
    
    It was discovered that a NULL pointer dereference vulnerabilty existed
    in the Near-field communication (NFC) implementation in the Linux
    kernel. An attacker could use this to cause a denial of service
    (system crash). (CVE-2019-12818)
    
    It was discovered that the MDIO bus devices subsystem in the Linux
    kernel improperly dropped a device reference in an error condition,
    leading to a use-after-free. An attacker could use this to cause a
    denial of service (system crash). (CVE-2019-12819)
    
    It was discovered that a NULL pointer dereference vulnerability
    existed in the Near-field communication (NFC) implementation in the
    Linux kernel. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2019-12984)
    
    Jann Horn discovered a use-after-free vulnerability in the Linux
    kernel when accessing LDT entries in some situations. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2019-13233)
    
    Jann Horn discovered that the ptrace implementation in the Linux
    kernel did not properly record credentials in some situations. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly gain administrative privileges. (CVE-2019-13272)
    
    It was discovered that the GTCO tablet input driver in the Linux
    kernel did not properly bounds check the initial HID report sent by
    the device. A physically proximate attacker could use to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-13631)
    
    It was discovered that the floppy driver in the Linux kernel did not
    properly validate meta data, leading to a buffer overread. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-14283)
    
    It was discovered that the floppy driver in the Linux kernel did not
    properly validate ioctl() calls, leading to a division-by-zero. A
    local attacker could use this to cause a denial of service (system
    crash). (CVE-2019-14284)
    
    Tuba Yavuz discovered that a race condition existed in the DesignWare
    USB3 DRD Controller device driver in the Linux kernel. A physically
    proximate attacker could use this to cause a denial of service.
    (CVE-2019-14763)
    
    It was discovered that an out-of-bounds read existed in the QLogic
    QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
    could possibly use this to expose sensitive information (kernel
    memory). (CVE-2019-15090)
    
    It was discovered that the Raremono AM/FM/SW radio device driver in
    the Linux kernel did not properly allocate memory, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service or possibly execute arbitrary code.
    (CVE-2019-15211)
    
    It was discovered at a double-free error existed in the USB Rio 500
    device driver for the Linux kernel. A physically proximate attacker
    could use this to cause a denial of service. (CVE-2019-15212)
    
    It was discovered that a race condition existed in the Advanced Linux
    Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a
    potential use-after-free. A physically proximate attacker could use
    this to cause a denial of service (system crash) pro possibly execute
    arbitrary code. (CVE-2019-15214)
    
    It was discovered that a race condition existed in the CPiA2
    video4linux device driver for the Linux kernel, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15215)
    
    It was discovered that a race condition existed in the Softmac USB
    Prism54 device driver in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-15220)
    
    It was discovered that a use-after-free vulnerability existed in the
    Appletalk implementation in the Linux kernel if an error occurs during
    initialization. A local attacker could use this to cause a denial of
    service (system crash). (CVE-2019-15292)
    
    It was discovered that the Empia EM28xx DVB USB device driver
    implementation in the Linux kernel contained a use-after-free
    vulnerability when disconnecting the device. An attacker could use
    this to cause a denial of service (system crash). (CVE-2019-2024)
    
    It was discovered that the USB video device class implementation in
    the Linux kernel did not properly validate control bits, resulting in
    an out of bounds buffer read. A local attacker could use this to
    possibly expose sensitive information (kernel memory). (CVE-2019-2101)
    
    It was discovered that the Marvell Wireless LAN device driver in the
    Linux kernel did not properly validate the BSS descriptor. A local
    attacker could possibly use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2019-3846)
    
    Jason Wang discovered that an infinite loop vulnerability existed in
    the virtio net driver in the Linux kernel. A local attacker in a guest
    VM could possibly use this to cause a denial of service in the host
    system. (CVE-2019-3900)
    
    Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
    discovered that the Bluetooth protocol BR/EDR specification did not
    properly require sufficiently strong encryption key lengths. A
    physicall proximate attacker could use this to expose sensitive
    information. (CVE-2019-9506)
    
    It was discovered that the Appletalk IP encapsulation driver in the
    Linux kernel did not properly prevent kernel addresses from being
    copied to user space. A local attacker with the CAP_NET_ADMIN
    capability could use this to expose sensitive information.
    (CVE-2018-20511)
    
    It was discovered that a race condition existed in the USB YUREX
    device driver in the Linux kernel. A physically proximate attacker
    could use this to cause a denial of service (system crash).
    (CVE-2019-15216)
    
    It was discovered that the Siano USB MDTV receiver device driver in
    the Linux kernel made improper assumptions about the device
    characteristics. A physically proximate attacker could use this cause
    a denial of service (system crash). (CVE-2019-15218)
    
    It was discovered that the Line 6 POD USB device driver in the Linux
    kernel did not properly validate data size information from the
    device. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2019-15221)
    
    Muyu Yu discovered that the CAN implementation in the Linux kernel in
    some situations did not properly restrict the field size when
    processing outgoing frames. A local attacker with CAP_NET_ADMIN
    privileges could use this to execute arbitrary code. (CVE-2019-3701)
    
    Vladis Dronov discovered that the debug interface for the Linux
    kernel's HID subsystem did not properly validate passed parameters in
    some situations. A local privileged attacker could use this to cause a
    denial of service (infinite loop). (CVE-2019-3819).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4118-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.15-aws, linux-image-aws and / or
    linux-image-aws-hwe packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4118-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1047.47")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1047.46")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1571.NASL
    descriptionThe openSUSE Leap 15.1 was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126059
    published2019-06-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126059
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1571.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126059);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-10124", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11487", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Check for the openSUSE-2019-1571 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.1 was updated to receive various security and
    bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2019-11477: A sequence of SACKs may have been
        crafted by a remote attacker such that one can trigger
        an integer overflow, leading to a kernel panic.
        (bsc#1137586).
    
      - CVE-2019-11478: It was possible to send a crafted
        sequence of SACKs which would fragment the TCP
        retransmission queue. A remote attacker may have been
        able to further exploit the fragmented queue to cause an
        expensive linked-list walk for subsequent SACKs received
        for that same TCP connection. (bsc#1137586)
    
      - CVE-2019-11479: It was possible to send a crafted
        sequence of SACKs which would fragment the RACK send
        map. A remote attacker may be able to further exploit
        the fragmented send map to cause an expensive
        linked-list walk for subsequent SACKs received for that
        same TCP connection. This would have resulted in excess
        resource consumption due to low mss values.
        (bsc#1137586)
    
      - CVE-2019-12819: The function __mdiobus_register() in
        drivers/net/phy/mdio_bus.c calls put_device(), which
        will trigger a fixed_mdio_bus_init use-after-free. This
        will cause a denial of service (bnc#1138291).
    
      - CVE-2019-12818: The nfc_llcp_build_tlv function in
        net/nfc/llcp_commands.c may return NULL. If the caller
        did not check for this, it will trigger a NULL pointer
        dereference. This will cause denial of service. This
        affects nfc_llcp_build_gb in net/nfc/llcp_core.c
        (bnc#1138293).
    
      - CVE-2019-12456: An issue was discovered in the
        MPT3COMMAND case in _ctl_ioctl_main in
        drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
        users to cause a denial of service or possibly have
        unspecified other impact by changing the value of
        ioc_number between two kernel reads of that value, aka a
        'double fetch' vulnerability. (bnc#1136922)
    
      - CVE-2019-12380: An issue was discovered in the efi
        subsystem in the Linux kernel
        phys_efi_set_virtual_address_map in
        arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
        arch/x86/platform/efi/efi_64.c mishandle memory
        allocation failures (bnc#1136598).
    
      - CVE-2019-3846: A flaw that allowed an attacker to
        corrupt memory and possibly escalate privileges was
        found in the mwifiex kernel module while connecting to a
        malicious wireless network (bnc#1136424).
    
      - CVE-2019-10124: An attacker could exploit an issue in
        the hwpoison implementation to cause a denial of service
        (BUG). (bsc#1130699)
    
      - CVE-2019-12382: In the drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup
        of fwstr, which might allow an attacker to cause a
        denial of service (NULL pointer dereference and system
        crash) (bnc#1136586).
    
      - CVE-2019-11487: The Linux kernel allowed page->_refcount
        reference count overflow, with resultant use-after-free
        issues, if about 140 GiB of RAM exists. This is related
        to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
        include/linux/mm.h, include/linux/pipe_fs_i.h,
        kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
        occur with FUSE requests (bnc#1133190)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115688"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134090"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134730"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134952"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134953"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135027"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135028"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135044"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136345"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136439"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136469"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137201"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138002"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138375"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/20");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debugsource-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debugsource-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-devel-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-docs-html-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debugsource-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-macros-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-debugsource-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-qa-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-vanilla-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-syms-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debugsource-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-4.12.14-lp151.28.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1852-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577). CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), that lead to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126742
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126742
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1852-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126742);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2018-20836", "CVE-2019-10126", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-12380", "CVE-2019-12456", "CVE-2019-12614", "CVE-2019-12818", "CVE-2019-12819");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-10638: In the Linux kernel, a device could be tracked by an
    attacker using the IP ID values the kernel produces for
    connection-less protocols (e.g., UDP and ICMP). When such traffic was
    sent to multiple destination IP addresses, it was possible to obtain
    hash collisions (of indices to the counter array) and thereby obtain
    the hashing key (via enumeration). An attack may have been conducted
    by hosting a crafted web page that uses WebRTC or gQUIC to force UDP
    traffic to attacker-controlled IP addresses (bnc#1140575 1140577).
    
    CVE-2019-10639: The Linux kernel allowed Information Exposure (partial
    kernel address disclosure), that lead to a KASLR bypass. Specifically,
    it was possible to extract the KASLR kernel image offset using the IP
    ID values the kernel produces for connection-less protocols (e.g., UDP
    and ICMP). When such traffic is sent to multiple destination IP
    addresses, it was possible to obtain hash collisions (of indices to
    the counter array) and thereby obtain the hashing key (via
    enumeration). This key contains enough bits from a kernel address (of
    a static variable) so when the key is extracted (via enumeration), the
    offset of the kernel image is exposed. This attack could be carried
    out remotely, by the attacker forcing the target device to send UDP or
    ICMP (or certain other) traffic to attacker-controlled IP addresses.
    Forcing a server to send UDP traffic is trivial if the server is a DNS
    server. ICMP traffic is trivial if the server answers ICMP Echo
    requests (ping). For client targets, if the target visited the
    attacker's web page, then WebRTC or gQUIC could be used to force UDP
    traffic to attacker-controlled IP addresses. NOTE: this attack against
    KASLR became viable because IP ID generation was changed to have a
    dependency on an address associated with a network namespace
    (bnc#1140577).
    
    CVE-2019-10126: A flaw was found in the Linux kernel. A heap based
    buffer overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net/wireless/marvell/mwifiex/ie.c might have lead to memory
    corruption and possibly other consequences (bnc#1136935).
    
    CVE-2018-20836: An issue was discovered in the Linux kernel There was
    a race condition in smp_task_timedout() and smp_task_done() in
    drivers/scsi/libsas/sas_expander.c, leading to a use-after-free
    (bnc#1134395).
    
    CVE-2019-11599: The coredump implementation in the Linux kernel did
    not use locking or other mechanisms to prevent vma layout or vma flags
    changes while it ran, which allowed local users to obtain sensitive
    information, cause a denial of service, or possibly have unspecified
    other impact by triggering a race condition with mmget_not_zero or
    get_task_mm call. This is related to fs/userfaultfd.c, mm/mmap.c,
    fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c
    (bnc#1131645 1133738).
    
    CVE-2019-12614: An issue was discovered in dlpar_parse_cc_property in
    arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel There was
    an unchecked kstrdup of prop-name, which might have allowed an
    attacker to cause a denial of service (NULL pointer dereference and
    system crash) (bnc#1137194).
    
    CVE-2019-12819: An issue was discovered in the Linux kernel The
    function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls
    put_device(), which would trigger a fixed_mdio_bus_init
    use-after-free. This would cause a denial of service (bnc#1138291).
    
    CVE-2019-12818: An issue was discovered in the Linux kernel The
    nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return
    NULL. If the caller did not check for this, it would trigger a NULL
    pointer dereference. This would cause a denial of service. This
    affected nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).
    
    CVE-2019-12456: A double-fetch bug in _ctl_ioctl_main() could lead to
    a local denial of service attack (bsc#1136922 CVE-2019-12456).
    
    CVE-2019-12380: An issue was discovered in the efi subsystem in the
    Linux kernel phys_efi_set_virtual_address_map in
    arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
    arch/x86/platform/efi/efi_64.c mishandle memory allocation failures.
    NOTE: This id is disputed as not being an issue because ;All the code
    touched by the referenced commit runs only at boot, before any user
    processes are started. Therefore, there is no possibility for an
    unprivileged user to control it (bnc#1136598).
    
    CVE-2019-11487: The Linux kernel before allowed page-_refcount
    reference count overflow, with resultant use-after-free issues, if
    about 140 GiB of RAM exists. This is related to fs/fuse/dev.c,
    fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h,
    kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with
    FUSE requests (bnc#1133190 1133191).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1094555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109137"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126961"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137194"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140577"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20836/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10126/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10638/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10639/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11599/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12380/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12614/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12818/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12819/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191852-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f06a8621"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-1852=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-1852=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1852=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2019-1852=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-1852=1
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20836");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_100-default-1-4.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_100-default-debuginfo-1-4.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.100.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.100.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1579.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: local users could cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126040
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126040
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1579.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126040);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2013-4343", "CVE-2018-7191", "CVE-2019-10124", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11487", "CVE-2019-11833", "CVE-2019-12380", "CVE-2019-12382", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-3846", "CVE-2019-5489");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Check for the openSUSE-2019-1579 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.0 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2019-11477: A sequence of SACKs may have been
        crafted by a remote attacker such that one can trigger
        an integer overflow, leading to a kernel panic.
        (bsc#1137586).
    
      - CVE-2019-11478: It was possible to send a crafted
        sequence of SACKs which would fragment the TCP
        retransmission queue. A remote attacker may have been
        able to further exploit the fragmented queue to cause an
        expensive linked-list walk for subsequent SACKs received
        for that same TCP connection. (bsc#1137586)
    
      - CVE-2019-11479: It was possible to send a crafted
        sequence of SACKs which would fragment the RACK send
        map. A remote attacker may be able to further exploit
        the fragmented send map to cause an expensive
        linked-list walk for subsequent SACKs received for that
        same TCP connection. This would have resulted in excess
        resource consumption due to low mss values.
        (bsc#1137586)
    
      - CVE-2019-12819: The function __mdiobus_register() in
        drivers/net/phy/mdio_bus.c calls put_device(), which
        will trigger a fixed_mdio_bus_init use-after-free. This
        will cause a denial of service (bnc#1138291).
    
      - CVE-2019-12818: The nfc_llcp_build_tlv function in
        net/nfc/llcp_commands.c may return NULL. If the caller
        did not check for this, it will trigger a NULL pointer
        dereference. This will cause denial of service. This
        affects nfc_llcp_build_gb in net/nfc/llcp_core.c
        (bnc#1138293).
    
      - CVE-2019-12456: local users could cause a denial of
        service or possibly have unspecified other impact by
        changing the value of ioc_number between two kernel
        reads of that value, aka a 'double fetch' vulnerability.
        (bnc#1136922)
    
      - CVE-2019-12380: phys_efi_set_virtual_address_map in
        arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
        arch/x86/platform/efi/efi_64.c mishandle memory
        allocation failures (bnc#1136598).
    
      - CVE-2019-3846: A flaw that allowed an attacker to
        corrupt memory and possibly escalate privileges was
        found in the mwifiex kernel module while connecting to a
        malicious wireless network (bnc#1136424).
    
      - CVE-2019-10124: An attacker could exploit an issue in
        the hwpoison implementation to cause a denial of service
        (BUG). (bsc#1130699)
    
      - CVE-2019-12382: An issue was discovered in
        drm_load_edid_firmware in
        drivers/gpu/drm/drm_edid_load.c. There was an unchecked
        kstrdup of fwstr, which might allow an attacker to cause
        a denial of service (NULL pointer dereference and system
        crash) (bnc#1136586).
    
      - CVE-2019-11487: The Linux kernel before 5.1-rc5 allowed
        page->_refcount reference count overflow, with resultant
        use-after-free issues, if about 140 GiB of RAM exists.
        This is related to fs/fuse/dev.c, fs/pipe.c,
        fs/splice.c, include/linux/mm.h,
        include/linux/pipe_fs_i.h, kernel/trace/trace.c,
        mm/gup.c, and mm/hugetlb.c. It can occur with FUSE
        requests (bnc#1133190).
    
      - CVE-2019-5489: The mincore() implementation in
        mm/mincore.c allowed local attackers to observe page
        cache access patterns of other processes on the same
        system, potentially allowing sniffing of secret
        information. (Fixing this affects the output of the
        fincore program.) Limited remote exploitation may be
        possible, as demonstrated by latency differences in
        accessing public files from an Apache HTTP Server
        (bnc#1120843).
    
      - CVE-2019-11833: fs/ext4/extents.c did not zero out the
        unused memory region in the extent tree block, which
        might allow local users to obtain sensitive information
        by reading uninitialized data in the filesystem
        (bnc#1135281).
    
      - CVE-2018-7191: In the tun subsystem dev_get_valid_name
        is not called before register_netdevice. This allowed
        local users to cause a denial of service (NULL pointer
        dereference and panic) via an ioctl(TUNSETIFF) call with
        a dev name containing a / character. This is similar to
        CVE-2013-4343 (bnc#1135603).
    
      - CVE-2019-11085: Insufficient input validation in Kernel
        Mode Driver in Intel(R) i915 Graphics may have allowed
        an authenticated user to potentially enable escalation
        of privilege via local access (bnc#1135278).
    
    The following non-security bugs were fixed :
    
      - 9p locks: add mount option for lock retry interval
        (bsc#1051510).
    
      - ACPI: Add Hygon Dhyana support ().
    
      - ACPI: button: reinitialize button state upon resume
        (bsc#1051510).
    
      - ACPICA: AML interpreter: add region addresses in global
        list during initialization (bsc#1051510).
    
      - ACPICA: Namespace: remove address node from global list
        after method termination (bsc#1051510).
    
      - ACPI: fix menuconfig presentation of ACPI submenu
        (bsc#1117158).
    
      - ACPI / property: fix handling of data_nodes in
        acpi_get_next_subnode() (bsc#1051510).
    
      - ACPI / utils: Drop reference in test for device presence
        (bsc#1051510).
    
      - ALSA: firewire-motu: fix destruction of data for
        isochronous resources (bsc#1051510).
    
      - ALSA: hda/realtek - Avoid superfluous COEF EAPD setups
        (bsc#1051510).
    
      - ALSA: hda/realtek - Corrected fixup for System76 Gazelle
        (gaze14) (bsc#1051510).
    
      - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted
        internal microphone bug (bsc#1051510).
    
      - ALSA: hda/realtek - Fixup headphone noise via runtime
        suspend (bsc#1051510).
    
      - ALSA: hda/realtek - Improve the headset mic for Acer
        Aspire laptops (bsc#1051510).
    
      - ALSA: hda/realtek - Set default power save node to 0
        (bsc#1051510).
    
      - ALSA: hda/realtek - Update headset mode for ALC256
        (bsc#1051510).
    
      - ALSA: hda - Use a macro for snd_array iteration loops
        (bsc#1051510).
    
      - ALSA: oxfw: allow PCM capture for Stanton SCS.1m
        (bsc#1051510).
    
      - appletalk: Fix compile regression (bsc#1051510).
    
      - appletalk: Fix use-after-free in atalk_proc_exit
        (bsc#1051510).
    
      - arch: arm64: acpi: KABI ginore includes (bsc#1117158
        bsc#1134671).
    
      - arm64: acpi: fix alignment fault in accessing ACPI
        (bsc#1117158).
    
      - arm64: Export save_stack_trace_tsk() (jsc#SLE-4214).
    
      - arm64: fix ACPI dependencies (bsc#1117158).
    
      - arm64, mm, efi: Account for GICv3 LPI tables in static
        memblock reserve table (bsc#1117158).
    
      - arm64/x86: Update config files. Use
        CONFIG_ARCH_SUPPORTS_ACPI
    
      - arm: 8824/1: fix a migrating irq bug when hotplug cpu
        (bsc#1051510).
    
      - arm: 8833/1: Ensure that NEON code always compiles with
        Clang (bsc#1051510).
    
      - arm: 8839/1: kprobe: make patch_lock a raw_spinlock_t
        (bsc#1051510).
    
      - arm: 8840/1: use a raw_spinlock_t in unwind
        (bsc#1051510).
    
      - arm: avoid Cortex-A9 livelock on tight dmb loops
        (bsc#1051510).
    
      - arm: imx6q: cpuidle: fix bug that CPU might not wake up
        at expected time (bsc#1051510).
    
      - arm: iop: do not use using 64-bit DMA masks
        (bsc#1051510).
    
      - arm: OMAP2+: fix lack of timer interrupts on CPU1 after
        hotplug (bsc#1051510).
    
      - arm: OMAP2+: Variable 'reg' in function
        omap4_dsi_mux_pads() could be uninitialized
        (bsc#1051510).
    
      - arm: orion: do not use using 64-bit DMA masks
        (bsc#1051510).
    
      - arm: pxa: ssp: unneeded to free devm_ allocated data
        (bsc#1051510).
    
      - arm: s3c24xx: Fix boolean expressions in
        osiris_dvs_notify (bsc#1051510).
    
      - arm: samsung: Limit SAMSUNG_PM_CHECK config option to
        non-Exynos platforms (bsc#1051510).
    
      - ASoC: cs42xx8: Add regcache mask dirty (bsc#1051510).
    
      - ASoC: eukrea-tlv320: fix a leaked reference by adding
        missing of_node_put (bsc#1051510).
    
      - ASoC: fsl_asrc: Fix the issue about unsupported rate
        (bsc#1051510).
    
      - ASoC: fsl_sai: Update is_slave_mode with correct value
        (bsc#1051510).
    
      - ASoC: fsl_utils: fix a leaked reference by adding
        missing of_node_put (bsc#1051510).
    
      - ASoC: hdmi-codec: unlock the device on startup errors
        (bsc#1051510).
    
      - backlight: lm3630a: Return 0 on success in update_status
        functions (bsc#1051510).
    
      - batman-adv: allow updating DAT entry timeouts on
        incoming ARP Replies (bsc#1051510).
    
      - blk-mq: fix hang caused by freeze/unfreeze sequence
        (bsc#1128432).
    
      - block: do not leak memory in bio_copy_user_iov()
        (bsc#1135309).
    
      - block: Do not revalidate bdev of hidden gendisk
        (bsc#1120091).
    
      - block: fix the return errno for direct IO (bsc#1135320).
    
      - block: fix use-after-free on gendisk (bsc#1135312).
    
      - Bluetooth: Check key sizes only when Secure Simple
        Pairing is enabled (bsc#1135556).
    
      - bnxt_en: Free short FW command HWRM memory in error path
        in bnxt_init_one() (bsc#1050242).
    
      - bnxt_en: Improve multicast address setup logic
        (networking-stable-19_05_04).
    
      - bnxt_en: Improve RX consumer index validity check
        (networking-stable-19_04_10).
    
      - bnxt_en: Reset device on RX buffer errors
        (networking-stable-19_04_10).
    
      - bonding: fix event handling for stacked bonds
        (networking-stable-19_04_19).
    
      - bpf: add map_lookup_elem_sys_only for lookups from
        syscall side (bsc#1083647).
    
      - bpf: Add missed newline in verifier verbose log
        (bsc#1056787).
    
      - bpf, lru: avoid messing with eviction heuristics upon
        syscall lookup (bsc#1083647).
    
      - brcmfmac: convert dev_init_lock mutex to completion
        (bsc#1051510).
    
      - brcmfmac: fix missing checks for kmemdup (bsc#1051510).
    
      - brcmfmac: fix Oops when bringing up interface during USB
        disconnect (bsc#1051510).
    
      - brcmfmac: fix race during disconnect when USB completion
        is in progress (bsc#1051510).
    
      - brcmfmac: fix WARNING during USB disconnect in case of
        unempty psq (bsc#1051510).
    
      - btrfs: delayed-ref: Use btrfs_ref to refactor
        btrfs_add_delayed_data_ref() (bsc#1063638 bsc#1128052
        bsc#1108838).
    
      - btrfs: delayed-ref: Use btrfs_ref to refactor
        btrfs_add_delayed_tree_ref() (bsc#1063638 bsc#1128052
        bsc#1108838).
    
      - btrfs: do not allow trimming when a fs is mounted with
        the nologreplay option (bsc#1135758).
    
      - btrfs: do not double unlock on error in btrfs_punch_hole
        (bsc#1136881).
    
      - btrfs: extent-tree: Fix a bug that btrfs is unable to
        add pinned bytes (bsc#1063638 bsc#1128052 bsc#1108838).
    
      - btrfs: extent-tree: Use btrfs_ref to refactor
        add_pinned_bytes() (bsc#1063638 bsc#1128052
        bsc#1108838).
    
      - btrfs: extent-tree: Use btrfs_ref to refactor
        btrfs_free_extent() (bsc#1063638 bsc#1128052
        bsc#1108838).
    
      - btrfs: extent-tree: Use btrfs_ref to refactor
        btrfs_inc_extent_ref() (bsc#1063638 bsc#1128052
        bsc#1108838).
    
      - btrfs: fix fsync not persisting changed attributes of a
        directory (bsc#1137151).
    
      - btrfs: fix race between ranged fsync and writeback of
        adjacent ranges (bsc#1136477).
    
      - btrfs: fix race updating log root item during fsync
        (bsc#1137153).
    
      - btrfs: fix wrong ctime and mtime of a directory after
        log replay (bsc#1137152).
    
      - btrfs: improve performance on fsync of files with
        multiple hardlinks (bsc#1123454).
    
      - btrfs: qgroup: Check bg while resuming relocation to
        avoid NULL pointer dereference (bsc#1134806).
    
      - btrfs: qgroup: Do not scan leaf if we're modifying reloc
        tree (bsc#1063638 bsc#1128052 bsc#1108838).
    
      - btrfs: reloc: Also queue orphan reloc tree for cleanup
        to avoid BUG_ON() (bsc#1133612).
    
      - btrfs: send, flush dellaloc in order to avoid data loss
        (bsc#1133320).
    
      - btrfs: tree-checker: detect file extent items with
        overlapping ranges (bsc#1136478).
    
      - chardev: add additional check for minor range overlap
        (bsc#1051510).
    
      - CIFS: keep FileInfo handle live during oplock break
        (bsc#1106284, bsc#1131565).
    
      - configfs: fix possible use-after-free in
        configfs_register_group (bsc#1051510).
    
      - configfs: Fix use-after-free when accessing sd->s_dentry
        (bsc#1051510).
    
      - cpufreq: Add Hygon Dhyana support ().
    
      - cpufreq: AMD: Ignore the check for ProcFeedback in ST/CZ
        ().
    
      - crypto: caam - fix caam_dump_sg that iterates through
        scatterlist (bsc#1051510).
    
      - crypto: vmx - CTR: always increment IV as quadword
        (bsc#1051510).
    
      - crypto: vmx - ghash: do nosimd fallback manually
        (bsc#1135661, bsc#1137162).
    
      - crypto: vmx - return correct error code on failed setkey
        (bsc#1135661, bsc#1137162).
    
      - dccp: do not use ipv6 header for ipv4 flow
        (networking-stable-19_03_28).
    
      - dccp: Fix memleak in __feat_register_sp (bsc#1051510).
    
      - debugfs: fix use-after-free on symlink traversal
        (bsc#1051510).
    
      - devres: Align data[] to ARCH_KMALLOC_MINALIGN
        (bsc#1051510).
    
      - docs: Fix conf.py for Sphinx 2.0 (bsc#1135642).
    
      - Documentation: Add MDS vulnerability documentation
        (bsc#1135642).
    
      - Documentation: Correct the possible MDS sysfs values
        (bsc#1135642).
    
      - drbd: Avoid Clang warning about pointless switch
        statment (bsc#1051510).
    
      - drbd: disconnect, if the wrong UUIDs are attached on a
        connected peer (bsc#1051510).
    
      - drbd: narrow rcu_read_lock in drbd_sync_handshake
        (bsc#1051510).
    
      - drbd: skip spurious timeout (ping-timeo) when failing
        promote (bsc#1051510).
    
      - drivers: acpi: add dependency of EFI for arm64
        (bsc#1117158).
    
      - drm/amdgpu: fix old fence check in amdgpu_fence_emit
        (bsc#1051510).
    
      - drm/bridge: adv7511: Fix low refresh rate selection
        (bsc#1051510).
    
      - drm/drv: Hold ref on parent device during drm_device
        lifetime (bsc#1051510).
    
      - drm/etnaviv: lock MMU while dumping core (bsc#1113722)
    
      - drm/gma500/cdv: Check vbt config bits when detecting
        lvds panels (bsc#1051510).
    
      - drm/i915: Disable LP3 watermarks on all SNB machines
        (bsc#1051510).
    
      - drm/i915: Downgrade Gen9 Plane WM latency error
        (bsc#1051510).
    
      - drm/i915/fbc: disable framebuffer compression on
        GeminiLake (bsc#1051510).
    
      - drm/i915/gvt: add 0x4dfc to gen9 save-restore list
        (bsc#1113722)
    
      - drm/i915/gvt: do not let TRTTE and 0x4dfc write
        passthrough to hardware (bsc#1051510).
    
      - drm/i915/gvt: Fix cmd length of VEB_DI_IECP
        (bsc#1113722)
    
      - drm/i915/gvt: refine ggtt range validation (bsc#1113722)
    
      - drm/i915/gvt: Tiled Resources mmios are in-context mmios
        for gen9+ (bsc#1113722)
    
      - drm/i915/perf: fix whitelist on Gen10+ (bsc#1051510).
    
      - drm/i915/sdvo: Implement proper HDMI audio support for
        SDVO (bsc#1051510).
    
      - drm/imx: do not skip DP channel disable for background
        plane (bsc#1051510).
    
      - drm/nouveau/disp/dp: respect sink limits when selecting
        failsafe link configuration (bsc#1051510).
    
      - drm/nouveau/i2c: Disable i2c bus access after ->fini()
        (bsc#1113722)
    
      - drm/radeon: prefer lower reference dividers
        (bsc#1051510).
    
      - drm/rockchip: fix for mailbox read validation
        (bsc#1051510).
    
      - drm/vmwgfx: Do not send drm sysfs hotplug events on
        initial master set (bsc#1051510).
    
      - drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader()
        leading to an invalid read (bsc#1051510).
    
      - drm/vmwgfx: NULL pointer dereference from
        vmw_cmd_dx_view_define() (bsc#1113722)
    
      - drm: Wake up next in drm_read() chain if we are forced
        to putback the event (bsc#1051510).
    
      - dt-bindings: clock: r8a7795: Remove CSIREF clock
        (bsc#1120902).
    
      - dt-bindings: clock: r8a7796: Remove CSIREF clock
        (bsc#1120902).
    
      - dt-bindings: net: Add binding for the external clock for
        TI WiLink (bsc#1085535).
    
      - dt-bindings: rtc: sun6i-rtc: Fix register range in
        example (bsc#1120902).
    
      - EDAC, amd64: Add Hygon Dhyana support ().
    
      - efi: add API to reserve memory persistently across kexec
        reboot (bsc#1117158).
    
      - efi/arm: Defer persistent reservations until after
        paging_init() (bsc#1117158).
    
      - efi/arm: Do not mark ACPI reclaim memory as
        MEMBLOCK_NOMAP (bsc#1117158 bsc#1115688 bsc#1120566).
    
      - efi/arm: libstub: add a root memreserve config table
        (bsc#1117158).
    
      - efi/arm: map UEFI memory map even w/o runtime services
        enabled (bsc#1117158).
    
      - efi/arm: preserve early mapping of UEFI memory map
        longer for BGRT (bsc#1117158).
    
      - efi/arm: Revert 'Defer persistent reservations until
        after paging_init()' (bsc#1117158).
    
      - efi/arm: Revert deferred unmap of early memmap mapping
        (bsc#1117158).
    
      - efi: honour memory reservations passed via a linux
        specific config table (bsc#1117158).
    
      - efi: Permit calling efi_mem_reserve_persistent() from
        atomic context (bsc#1117158).
    
      - efi: Permit multiple entries in persistent memreserve
        data structure (bsc#1117158).
    
      - efi: Prevent GICv3 WARN() by mapping the memreserve
        table before first use (bsc#1117158).
    
      - efi: Reduce the amount of memblock reservations for
        persistent allocations (bsc#1117158).
    
      - ext4: actually request zeroing of inode table after grow
        (bsc#1135315).
    
      - ext4: avoid panic during forced reboot due to aborted
        journal (bsc#1126356).
    
      - ext4: fix data corruption caused by overlapping
        unaligned and aligned IO (bsc#1136428).
    
      - ext4: fix ext4_show_options for file systems w/o journal
        (bsc#1135316).
    
      - ext4: fix use-after-free race with
        debug_want_extra_isize (bsc#1135314).
    
      - ext4: make sanity check in mballoc more strict
        (bsc#1136439).
    
      - ext4: wait for outstanding dio during truncate in
        nojournal mode (bsc#1136438).
    
      - extcon: arizona: Disable mic detect if running when
        driver is removed (bsc#1051510).
    
      - fbdev: fix divide error in fb_var_to_videomode
        (bsc#1113722)
    
      - fbdev: fix WARNING in __alloc_pages_nodemask bug
        (bsc#1113722)
    
      - firmware: efi: factor out mem_reserve (bsc#1117158
        bsc#1134671).
    
      - fix rtnh_ok() (git-fixes).
    
      - fs/sync.c: sync_file_range(2) may use WB_SYNC_ALL
        writeback (bsc#1136432).
    
      - fs/writeback.c: use rcu_barrier() to wait for inflight
        wb switches going into workqueue when umount
        (bsc#1136435).
    
      - ftrace/x86_64: Emulate call function while updating in
        breakpoint handler (bsc#1099658).
    
      - fuse: fallocate: fix return with locked inode
        (bsc#1051510).
    
      - fuse: fix writepages on 32bit (bsc#1051510).
    
      - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
        (bsc#1051510).
    
      - genetlink: Fix a memory leak on error path
        (networking-stable-19_03_28).
    
      - gpio: fix gpio-adp5588 build errors (bsc#1051510).
    
      - gpio: Remove obsolete comment about gpiochip_free_hogs()
        usage (bsc#1051510).
    
      - gpu: ipu-v3: dp: fix CSC handling (bsc#1051510).
    
      - HID: input: add mapping for Expose/Overview key
        (bsc#1051510).
    
      - HID: input: add mapping for keyboard Brightness
        Up/Down/Toggle keys (bsc#1051510).
    
      - HID: input: add mapping for 'Toggle Display' key
        (bsc#1051510).
    
      - HID: input: fix a4tech horizontal wheel custom usage
        (bsc#1137429).
    
      - HID: logitech-hidpp: change low battery level threshold
        from 31 to 30 percent (bsc#1051510).
    
      - HID: logitech-hidpp: use RAP instead of FAP to get the
        protocol version (bsc#1051510).
    
      - HID: wacom: Add ability to provide explicit battery
        status info (bsc#1051510).
    
      - HID: wacom: Add support for 3rd generation Intuos BT
        (bsc#1051510).
    
      - HID: wacom: Add support for Pro Pen slim (bsc#1051510).
    
      - HID: wacom: convert Wacom custom usages to standard HID
        usages (bsc#1051510).
    
      - HID: wacom: Correct button numbering 2nd-gen Intuos Pro
        over Bluetooth (bsc#1051510).
    
      - HID: wacom: Do not report anything prior to the tool
        entering range (bsc#1051510).
    
      - HID: wacom: Do not set tool type until we're in range
        (bsc#1051510).
    
      - HID: wacom: fix mistake in printk (bsc#1051510).
    
      - HID: wacom: generic: add the 'Report Valid' usage
        (bsc#1051510).
    
      - HID: wacom: generic: Ignore HID_DG_BATTERYSTRENTH == 0
        (bsc#1051510).
    
      - HID: wacom: generic: Leave tool in prox until it
        completely leaves sense (bsc#1051510).
    
      - HID: wacom: generic: Refactor generic battery handling
        (bsc#1051510).
    
      - HID: wacom: generic: Report AES battery information
        (bsc#1051510).
    
      - HID: wacom: generic: Reset events back to zero when pen
        leaves (bsc#1051510).
    
      - HID: wacom: generic: Scale battery capacity measurements
        to percentages (bsc#1051510).
    
      - HID: wacom: generic: Send BTN_STYLUS3 when both barrel
        switches are set (bsc#1051510).
    
      - HID: wacom: generic: Send BTN_TOOL_PEN in prox once the
        pen enters range (bsc#1051510).
    
      - HID: wacom: generic: Support multiple tools per report
        (bsc#1051510).
    
      - HID: wacom: generic: Use generic codepath terminology in
        wacom_wac_pen_report (bsc#1051510).
    
      - HID: wacom: Mark expected switch fall-through
        (bsc#1051510).
    
      - HID: wacom: Move handling of HID quirks into a dedicated
        function (bsc#1051510).
    
      - HID: wacom: Move HID fix for AES serial number into
        wacom_hid_usage_quirk (bsc#1051510).
    
      - HID: wacom: Properly handle AES serial number and tool
        type (bsc#1051510).
    
      - HID: wacom: Queue events with missing type/serial data
        for later processing (bsc#1051510).
    
      - HID: wacom: Remove comparison of u8 mode with zero and
        simplify (bsc#1051510).
    
      - HID: wacom: Replace touch_max fixup code with static
        touch_max definitions (bsc#1051510).
    
      - HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT
        eraser contact (bsc#1051510).
    
      - HID: wacom: Support 'in range' for Intuos/Bamboo tablets
        where possible (bsc#1051510).
    
      - HID: Wacom: switch Dell canvas into highres mode
        (bsc#1051510).
    
      - HID: wacom: Sync INTUOSP2_BT touch state after each
        frame if necessary (bsc#1051510).
    
      - HID: wacom: wacom_wac_collection() is local to
        wacom_wac.c (bsc#1051510).
    
      - HID: wacom: Work around HID descriptor bug in DTK-2451
        and DTH-2452 (bsc#1051510).
    
      - hwmon: (core) add thermal sensors only if dev->of_node
        is present (bsc#1051510).
    
      - hwmon: (pmbus/core) Treat parameters as paged if on
        multiple pages (bsc#1051510).
    
      - hwrng: omap - Set default quality (bsc#1051510).
    
      - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
        (bsc#1051510).
    
      - i2c: i801: Add support for Intel Comet Lake
        (jsc#SLE-5331).
    
      - ibmvnic: Add device identification to requested IRQs
        (bsc#1137739).
    
      - ibmvnic: Do not close unopened driver during reset
        (bsc#1137752).
    
      - ibmvnic: Fix unchecked return codes of memory
        allocations (bsc#1137752).
    
      - ibmvnic: Refresh device multicast list after reset
        (bsc#1137752).
    
      - ibmvnic: remove set but not used variable 'netdev'
        (bsc#1137739).
    
      - igmp: fix incorrect unsolicit report count when join
        group (git-fixes).
    
      - iio: adc: xilinx: fix potential use-after-free on remove
        (bsc#1051510).
    
      - iio: ad_sigma_delta: Properly handle SPI bus locking vs
        CS assertion (bsc#1051510).
    
      - iio: common: ssp_sensors: Initialize calculated_time in
        ssp_common_process_data (bsc#1051510).
    
      - iio: hmc5843: fix potential NULL pointer dereferences
        (bsc#1051510).
    
      - indirect call wrappers: helpers to speed-up indirect
        calls of builtin (bsc#1124503).
    
      - inetpeer: fix uninit-value in inet_getpeer (git-fixes).
    
      - Input: elan_i2c - add hardware ID for multiple Lenovo
        laptops (bsc#1051510).
    
      - Input: synaptics-rmi4 - fix possible double free
        (bsc#1051510).
    
      - iommu/arm-smmu-v3: Abort all transactions if SMMU is
        enabled in kdump kernel (bsc#1117158).
    
      - iommu/arm-smmu-v3: Do not disable SMMU in kdump kernel
        (bsc#1117158 bsc#1134671).
    
      - ip6_tunnel: collect_md xmit: Use ip_tunnel_key's
        provided src address (git-fixes).
    
      - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
        (networking-stable-19_04_10).
    
      - ipconfig: Correctly initialise ic_nameservers
        (bsc#1051510).
    
      - ip_gre: fix parsing gre header in ipgre_err (git-fixes).
    
      - ip_tunnel: Fix name string concatenate in
        __ip_tunnel_create() (git-fixes).
    
      - ipv4: add sanity checks in ipv4_link_failure()
        (git-fixes).
    
      - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET
        is disabled (git-fixes).
    
      - ipv4: ensure rcu_read_lock() in ipv4_link_failure()
        (networking-stable-19_04_19).
    
      - ipv4: ip_do_fragment: Preserve skb_iif during
        fragmentation (networking-stable-19_05_04).
    
      - ipv4: recompile ip options in ipv4_link_failure
        (networking-stable-19_04_19).
    
      - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
        (networking-stable-19_04_30).
    
      - ipv6: fix cleanup ordering for ip6_mr failure
        (git-fixes).
    
      - ipv6: fix cleanup ordering for pingv6 registration
        (git-fixes).
    
      - ipv6/flowlabel: wait rcu grace period before put_pid()
        (git-fixes).
    
      - ipv6: invert flowlabel sharing check in process and user
        mode (git-fixes).
    
      - ipv6: mcast: fix unsolicited report interval after
        receiving querys (git-fixes).
    
      - ipvlan: Add the skb->mark as flow4's member to lookup
        route (bsc#1051510).
    
      - ipvlan: fix ipv6 outbound device (bsc#1051510).
    
      - ipvlan: use ETH_MAX_MTU as max mtu (bsc#1051510).
    
      - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
        (git-fixes).
    
      - ipvs: fix buffer overflow with sync daemon and service
        (git-fixes).
    
      - ipvs: fix check on xmit to non-local addresses
        (git-fixes).
    
      - ipvs: fix race between ip_vs_conn_new() and
        ip_vs_del_dest() (bsc#1051510).
    
      - ipvs: fix rtnl_lock lockups caused by start_sync_thread
        (git-fixes).
    
      - ipvs: Fix signed integer overflow when setsockopt
        timeout (bsc#1051510).
    
      - ipvs: fix stats update from local clients (git-fixes).
    
      - iw_cxgb4: only allow 1 flush on user qps (bsc#1051510).
    
      - iwlwifi: mvm: check for length correctness in
        iwl_mvm_create_skb() (bsc#1051510).
    
      - iwlwifi: pcie: do not crash on invalid RX interrupt
        (bsc#1051510).
    
      - jbd2: check superblock mapped prior to committing
        (bsc#1136430).
    
      - kabi: drop LINUX_MIB_TCPWQUEUETOOBIG snmp counter
        (bsc#1137586).
    
      - kabi: implement map_lookup_elem_sys_only in another way
        (bsc#1083647).
    
      - kabi: move sysctl_tcp_min_snd_mss to preserve struct net
        layout (bsc#1137586).
    
      - kABI workaround for the new pci_dev.skip_bus_pm field
        addition (bsc#1051510).
    
      - kernel/signal.c: trace_signal_deliver when
        signal_group_exit (git-fixes).
    
      - kernel/sys.c: prctl: fix false positive in
        validate_prctl_map() (git-fixes).
    
      - keys: safe concurrent user->(session,uid)_keyring access
        (bsc#1135642).
    
      - kmsg: Update message catalog to latest IBM level
        (2019/03/08) (bsc#1128904 LTC#176078).
    
      - KVM: PPC: Book3S HV: Avoid lockdep debugging in TCE
        realmode handlers (bsc#1061840).
    
      - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of
        passthrough interrupts (bsc#1061840).
    
      - KVM: PPC: Book3S: Protect memslots while validating user
        address (bsc#1061840).
    
      - KVM: PPC: Release all hardware TCE tables attached to a
        group (bsc#1061840).
    
      - KVM: PPC: Remove redundand permission bits removal
        (bsc#1061840).
    
      - KVM: PPC: Validate all tces before updating tables
        (bsc#1061840).
    
      - KVM: PPC: Validate TCEs against preregistered memory
        page sizes (bsc#1061840).
    
      - KVM: s390: fix memory overwrites when not using SCA
        entries (bsc#1136206).
    
      - KVM: s390: provide io interrupt kvm_stat (bsc#1136206).
    
      - KVM: s390: use created_vcpus in more places
        (bsc#1136206).
    
      - KVM: s390: vsie: fix < 8k check for the itdba
        (bsc#1136206).
    
      - l2tp: cleanup l2tp_tunnel_delete calls (bsc#1051510).
    
      - l2tp: filter out non-PPP sessions in
        pppol2tp_tunnel_ioctl() (git-fixes).
    
      - l2tp: fix missing refcount drop in
        pppol2tp_tunnel_ioctl() (git-fixes).
    
      - l2tp: only accept PPP sessions in pppol2tp_connect()
        (git-fixes).
    
      - l2tp: prevent pppol2tp_connect() from creating kernel
        sockets (git-fixes).
    
      - l2tp: revert 'l2tp: fix missing print session offset
        info' (bsc#1051510).
    
      - leds: avoid flush_work in atomic context (bsc#1051510).
    
      - leds: pwm: silently error out on EPROBE_DEFER
        (bsc#1051510).
    
      - livepatch: Convert error about unsupported reliable
        stacktrace into a warning (bsc#1071995).
    
      - livepatch: Remove custom kobject state handling
        (bsc#1071995).
    
      - livepatch: Remove duplicated code for early
        initialization (bsc#1071995).
    
      - mac80211/cfg80211: update bss channel on channel switch
        (bsc#1051510).
    
      - mac80211: Fix kernel panic due to use of txq after free
        (bsc#1051510).
    
      - mac80211: fix memory accounting with A-MSDU aggregation
        (bsc#1051510).
    
      - mac80211: fix unaligned access in mesh table hash
        function (bsc#1051510).
    
      - mac8390: Fix mmio access size probe (bsc#1051510).
    
      - MD: fix invalid stored role for a disk (bsc#1051510).
    
      - media: atmel: atmel-isc: fix INIT_WORK misplacement
        (bsc#1051510).
    
      - media: au0828: Fix NULL pointer dereference in
        au0828_analog_stream_enable() (bsc#1051510).
    
      - media: au0828: stop video streaming only when last user
        stops (bsc#1051510).
    
      - media: coda: clear error return value before picture run
        (bsc#1051510).
    
      - media: cpia2: Fix use-after-free in cpia2_exit
        (bsc#1051510).
    
      - media: davinci/vpbe: array underflow in
        vpbe_enum_outputs() (bsc#1051510).
    
      - media: go7007: avoid clang frame overflow warning with
        KASAN (bsc#1051510).
    
      - media: m88ds3103: serialize reset messages in
        m88ds3103_set_frontend (bsc#1051510).
    
      - media: omap_vout: potential buffer overflow in
        vidioc_dqbuf() (bsc#1051510).
    
      - media: ov2659: make S_FMT succeed even if requested
        format does not match (bsc#1051510).
    
      - media: saa7146: avoid high stack usage with clang
        (bsc#1051510).
    
      - media: smsusb: better handle optional alignment
        (bsc#1051510).
    
      - media: usb: siano: Fix false-positive 'uninitialized
        variable' warning (bsc#1051510).
    
      - media: usb: siano: Fix general protection fault in
        smsusb (bsc#1051510).
    
      - memcg: make it work on sparse non-0-node systems
        (bnc#1133616).
    
      - memcg: make it work on sparse non-0-node systems kabi
        (bnc#1133616).
    
      - mfd: da9063: Fix OTP control register names to match
        datasheets for DA9063/63L (bsc#1051510).
    
      - mfd: intel-lpss: Set the device in reset state when init
        (bsc#1051510).
    
      - mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
        (bsc#1051510).
    
      - mfd: tps65912-spi: Add missing of table registration
        (bsc#1051510).
    
      - mfd: twl6040: Fix device init errors for ACCCTL register
        (bsc#1051510).
    
      - mISDN: Check address length before reading address
        family (bsc#1051510).
    
      - mlxsw: spectrum: Fix autoneg status in ethtool
        (networking-stable-19_04_30).
    
      - mmc: block: Delete gendisk before cleaning up the
        request queue (bsc#1127616).
    
      - mmc: core: make pwrseq_emmc (partially) support sleepy
        GPIO controllers (bsc#1051510).
    
      - mmc: core: Verify SD bus width (bsc#1051510).
    
      - mmc: mmci: Prevent polling for busy detection in IRQ
        context (bsc#1051510).
    
      - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50
        data hold time problem (bsc#1051510).
    
      - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold
        time problem (bsc#1051510).
    
      - mmc: sdhci-of-esdhc: add erratum A-009204 support
        (bsc#1051510).
    
      - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
        (bsc#1051510).
    
      - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358
        support (bsc#1051510).
    
      - mmc_spi: add a status check for spi_sync_locked
        (bsc#1051510).
    
      - mm-Fix-modifying-of-page-protection-by-insert_pfn.patch:
        Fix buggy backport leading to MAP_SYNC failures
        (bsc#1137372)
    
      - mm/huge_memory: fix vmf_insert_pfn_(pmd, pud)() crash,
        handle unaligned addresses (bsc#1135330).
    
      - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
        (bnc#1012382).
    
      - mount: copy the port field into the cloned nfs_server
        structure (bsc#1136990).
    
      - mwifiex: Fix heap overflow in
        mwifiex_uap_parse_tail_ies() (bsc#1136935).
    
      - mwifiex: Fix possible buffer overflows at parsing bss
        descriptor
    
      - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
        (git-fixes).
    
      - net: aquantia: fix rx checksum offload for UDP/TCP over
        IPv6 (networking-stable-19_03_28).
    
      - net: atm: Fix potential Spectre v1 vulnerabilities
        (networking-stable-19_04_19).
    
      - net: do not keep lonely packets forever in the gro hash
        (git-fixes).
    
      - net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
        (networking-stable-19_05_04).
    
      - net: dsa: mv88e6xxx: fix handling of upper half of
        STATS_TYPE_PORT (git-fixes).
    
      - net: ena: fix return value of ena_com_config_llq_info()
        (bsc#1111696 bsc#1117561).
    
      - net: ethtool: not call vzalloc for zero sized memory
        request (networking-stable-19_04_10).
    
      - netfilter: bridge: Do not sabotage nf_hook calls from an
        l3mdev (git-fixes).
    
      - netfilter: ebtables: CONFIG_COMPAT: reject trailing data
        after last rule (git-fixes).
    
      - netfilter: ebtables: handle string from userspace with
        care (git-fixes).
    
      - netfilter: ebtables: reject non-bridge targets
        (git-fixes).
    
      - netfilter: ipset: do not call ipset_nest_end after
        nla_nest_cancel (git-fixes).
    
      - netfilter: nf_log: do not hold nf_log_mutex during user
        access (git-fixes).
    
      - netfilter: nf_log: fix uninit read in
        nf_log_proc_dostring (git-fixes).
    
      - netfilter: nf_tables: can't fail after linking rule into
        active rule list (git-fixes).
    
      - netfilter: nf_tables: check msg_type before
        nft_trans_set(trans) (git-fixes).
    
      - netfilter: nf_tables: fix leaking object reference count
        (git-fixes).
    
      - netfilter: nf_tables: fix NULL pointer dereference on
        nft_ct_helper_obj_dump() (git-fixes).
    
      - netfilter: nf_tables: release chain in flushing set
        (git-fixes).
    
      - netfilter: nft_compat: do not dump private area
        (git-fixes).
    
      - netfilter: x_tables: initialise match/target check
        parameter struct (git-fixes).
    
      - net: Fix a bug in removing queues from XPS map
        (git-fixes).
    
      - net: fix uninit-value in __hw_addr_add_ex() (git-fixes).
    
      - net: fou: do not use guehdr after iptunnel_pull_offloads
        in gue_udp_recv (networking-stable-19_04_19).
    
      - net-gro: Fix GRO flush when receiving a GSO packet
        (networking-stable-19_04_10).
    
      - net: hns3: remove resetting check in
        hclgevf_reset_task_schedule (bsc#1104353 bsc#1135056).
    
      - net/ibmvnic: Remove tests of member address
        (bsc#1137739).
    
      - net: initialize skb->peeked when cloning (git-fixes).
    
      - net/ipv4: defensive cipso option parsing (git-fixes).
    
      - net/ipv6: do not reinitialize ndev->cnf.addr_gen_mode on
        new inet6_dev (git-fixes).
    
      - net/ipv6: fix addrconf_sysctl_addr_gen_mode (git-fixes).
    
      - net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to
        devices (git-fixes).
    
      - net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE
        (git-fixes).
    
      - netlink: fix uninit-value in netlink_sendmsg
        (git-fixes).
    
      - net: make skb_partial_csum_set() more robust against
        overflows (git-fixes).
    
      - net/mlx5: Decrease default mr cache size
        (networking-stable-19_04_10).
    
      - net/mlx5e: Add a lock on tir list
        (networking-stable-19_04_10).
    
      - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high
        pages query (networking-stable-19_04_30).
    
      - net/mlx5e: Fix error handling when refreshing TIRs
        (networking-stable-19_04_10).
    
      - net/mlx5e: Fix trailing semicolon (bsc#1075020).
    
      - net/mlx5e: IPoIB, Reset QP after channels are closed
        (bsc#1075020).
    
      - net: phy: marvell: Fix buffer overrun with stats
        counters (networking-stable-19_05_04).
    
      - net: rds: exchange of 8K and 1M pool
        (networking-stable-19_04_30).
    
      - net: rose: fix a possible stack overflow
        (networking-stable-19_03_28).
    
      - net/rose: fix unbound loop in rose_loopback_timer()
        (networking-stable-19_04_30).
    
      - net/sched: act_sample: fix divide by zero in the traffic
        path (networking-stable-19_04_10).
    
      - net/sched: do not dereference a->goto_chain to read the
        chain index (bsc#1064802 bsc#1066129).
    
      - net/sched: fix ->get helper of the matchall cls
        (networking-stable-19_04_10).
    
      - net: socket: fix potential spectre v1 gadget in
        socketcall (git-fixes).
    
      - net: stmmac: fix memory corruption with large MTUs
        (networking-stable-19_03_28).
    
      - net: stmmac: move stmmac_check_ether_addr() to driver
        probe (networking-stable-19_04_30).
    
      - net: test tailroom before appending to linear skb
        (git-fixes).
    
      - net: thunderx: do not allow jumbo frames with XDP
        (networking-stable-19_04_19).
    
      - net: thunderx: raise XDP MTU to 1508
        (networking-stable-19_04_19).
    
      - net: unbreak CONFIG_RETPOLINE=n builds (bsc#1124503).
    
      - net: use indirect call wrappers at GRO network layer
        (bsc#1124503).
    
      - net: use indirect call wrappers at GRO transport layer
        (bsc#1124503).
    
      - NFS add module option to limit NFSv4 minor version
        (jsc#PM-231).
    
      - nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL
        commands (bsc#1051510).
    
      - nvme: Do not remove namespaces during reset
        (bsc#1131673).
    
      - nvme: flush scan_work when resetting controller
        (bsc#1131673).
    
      - nvmem: allow to select i.MX nvmem driver for i.MX 7D
        (bsc#1051510).
    
      - nvmem: core: fix read buffer in place (bsc#1051510).
    
      - nvmem: correct Broadcom OTP controller driver writes
        (bsc#1051510).
    
      - nvmem: Do not let a NULL cell_id for nvmem_cell_get()
        crash us (bsc#1051510).
    
      - nvmem: imx-ocotp: Add i.MX7D timing write clock setup
        support (bsc#1051510).
    
      - nvmem: imx-ocotp: Add support for banked OTP addressing
        (bsc#1051510).
    
      - nvmem: imx-ocotp: Enable i.MX7D OTP write support
        (bsc#1051510).
    
      - nvmem: imx-ocotp: Move i.MX6 write clock setup to
        dedicated function (bsc#1051510).
    
      - nvmem: imx-ocotp: Pass parameters via a struct
        (bsc#1051510).
    
      - nvmem: imx-ocotp: Restrict OTP write to IMX6 processors
        (bsc#1051510).
    
      - nvmem: imx-ocotp: Update module description
        (bsc#1051510).
    
      - nvmem: properly handle returned value nvmem_reg_read
        (bsc#1051510).
    
      - nvme-rdma: fix possible free of a non-allocated async
        event buffer (bsc#1120423).
    
      - nvme: skip nvme_update_disk_info() if the controller is
        not live (bsc#1128432).
    
      - objtool: Fix function fallthrough detection
        (bsc#1058115).
    
      - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
        (bsc#1136434).
    
      - of: fix clang -Wunsequenced for be32_to_cpu()
        (bsc#1135642).
    
      - p54: drop device reference count if fails to enable
        device (bsc#1135642).
    
      - packet: fix reserve calculation (git-fixes).
    
      - packet: in packet_snd start writing at link layer
        allocation (git-fixes).
    
      - packet: refine ring v3 block size test to hold one frame
        (git-fixes).
    
      - packet: reset network header if packet shorter than ll
        reserved space (git-fixes).
    
      - packets: Always register packet sk in the same order
        (networking-stable-19_03_28).
    
      - parport: Fix mem leak in parport_register_dev_model
        (bsc#1051510).
    
      - PCI: endpoint: Use EPC's device in
        dma_alloc_coherent()/dma_free_coherent() (git-fixes).
    
      - PCI: Factor out pcie_retrain_link() function
        (git-fixes).
    
      - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
        (bsc#1051510).
    
      - PCI: Mark Atheros AR9462 to avoid bus reset
        (bsc#1051510).
    
      - PCI: PM: Avoid possible suspend-to-idle issue
        (bsc#1051510).
    
      - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link
        erratum (git-fixes).
    
      - perf tools: Add Hygon Dhyana support ().
    
      - platform/chrome: cros_ec_proto: check for NULL transfer
        function (bsc#1051510).
    
      - platform/x86: mlx-platform: Fix parent device in
        i2c-mux-reg device registration (bsc#1051510).
    
      - platform/x86: pmc_atom: Add Lex 3I380D industrial PC to
        critclk_systems DMI table (bsc#1051510).
    
      - platform/x86: pmc_atom: Add several Beckhoff Automation
        boards to critclk_systems DMI table (bsc#1051510).
    
      - PM / core: Propagate dev->power.wakeup_path when no
        callbacks (bsc#1051510).
    
      - powerpc: Always initialize input array when calling
        epapr_hypercall() (bsc#1065729).
    
      - powerpc/cacheinfo: add cacheinfo_teardown,
        cacheinfo_rebuild (bsc#1138374, LTC#178199).
    
      - powerpc/eeh: Fix race with driver un/bind (bsc#1065729).
    
      - powerpc: Fix HMIs on big-endian with
        CONFIG_RELOCATABLE=y (bsc#1065729).
    
      - powerpc/msi: Fix NULL pointer access in teardown code
        (bsc#1065729).
    
      - powerpc/perf: Fix MMCRA corruption by bhrb_filter
        (bsc#1053043).
    
      - powerpc/powernv/idle: Restore IAMR after idle
        (bsc#1065729).
    
      - powerpc/process: Fix sparse address space warnings
        (bsc#1065729).
    
      - powerpc/pseries: Fix oops in hotplug memory notifier
        (bsc#1138375, LTC#178204).
    
      - powerpc/pseries/mobility: prevent cpu hotplug during DT
        update (bsc#1138374, LTC#178199).
    
      - powerpc/pseries/mobility: rebuild cacheinfo hierarchy
        post-migration (bsc#1138374, LTC#178199).
    
      - power: supply: axp20x_usb_power: Fix typo in VBUS
        current limit macros (bsc#1051510).
    
      - power: supply: axp288_charger: Fix unchecked return
        value (bsc#1051510).
    
      - power: supply: max14656: fix potential use-before-alloc
        (bsc#1051510).
    
      - power: supply: sysfs: prevent endless uevent loop with
        CONFIG_POWER_SUPPLY_DEBUG (bsc#1051510).
    
      - ptrace: take into account saved_sigmask in
        PTRACE(GET,SET)SIGMASK (git-fixes).
    
      - qlcnic: Avoid potential NULL pointer dereference
        (bsc#1051510).
    
      - qmi_wwan: Add quirk for Quectel dynamic config
        (bsc#1051510).
    
      - RDMA/hns: Fix bug that caused srq creation to fail
        (bsc#1104427 ).
    
      - RDMA/rxe: Consider skb reserve space based on netdev of
        GID (bsc#1082387, bsc#1103992).
    
      - Revert 'ALSA: hda/realtek - Improve the headset mic for
        Acer Aspire laptops' (bsc#1051510).
    
      - Revert 'HID: wacom: generic: Send BTN_TOOL_PEN in prox
        once the pen enters range' (bsc#1051510).
    
      - rtc: 88pm860x: prevent use-after-free on device remove
        (bsc#1051510).
    
      - rtc: da9063: set uie_unsupported when relevant
        (bsc#1051510).
    
      - rtc: do not reference bogus function pointer in kdoc
        (bsc#1051510).
    
      - rtc: sh: Fix invalid alarm warning for non-enabled alarm
        (bsc#1051510).
    
      - rtlwifi: fix a potential NULL pointer dereference
        (bsc#1051510).
    
      - rxrpc: Fix error reception on AF_INET6 sockets
        (git-fixes).
    
      - rxrpc: Fix transport sockopts to get IPv4 errors on an
        IPv6 socket (git-fixes).
    
      - s390/qdio: clear intparm during shutdown (bsc#1134597
        LTC#177516).
    
      - scsi: qedf: fixup bit operations (bsc#1135542).
    
      - scsi: qedf: fixup locking in qedf_restart_rport()
        (bsc#1135542).
    
      - scsi: qedf: missing kref_put in qedf_xmit()
        (bsc#1135542).
    
      - scsi: qla2xxx: Declare local functions 'static'
        (bsc#1137444).
    
      - scsi: qla2xxx: fix error message on <qla2400
        (bsc#1118139).
    
      - scsi: qla2xxx: Fix function argument descriptions
        (bsc#1118139).
    
      - scsi: qla2xxx: Fix memory corruption during hba reset
        test (bsc#1118139).
    
      - scsi: qla2xxx: fix spelling mistake: 'existant' ->
        'existent' (bsc#1118139).
    
      - scsi: qla2xxx: fully convert to the generic DMA API
        (bsc#1137444).
    
      - scsi: qla2xxx: fx00 copypaste typo (bsc#1118139).
    
      - scsi: qla2xxx: Improve several kernel-doc headers
        (bsc#1137444).
    
      - scsi: qla2xxx: Introduce a switch/case statement in
        qlt_xmit_tm_rsp() (bsc#1137444).
    
      - scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier
        to analyze (bsc#1137444).
    
      - scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry()
        initializes 'res' (bsc#1137444).
    
      - scsi: qla2xxx: NULL check before some freeing functions
        is not needed (bsc#1137444).
    
      - scsi: qla2xxx: Remove a set-but-not-used variable
        (bsc#1137444).
    
      - scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq
        (bsc#1118139).
    
      - scsi: qla2xxx: Remove two arguments from
        qlafx00_error_entry() (bsc#1137444).
    
      - scsi: qla2xxx: Remove unused symbols (bsc#1118139).
    
      - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds()
        function (bsc#1137444).
    
      - scsi: qla2xxx: use lower_32_bits and upper_32_bits
        instead of reinventing them (bsc#1137444).
    
      - scsi: qla2xxx: Use %p for printing pointers
        (bsc#1118139).
    
      - sctp: avoid running the sctp state machine recursively
        (networking-stable-19_05_04).
    
      - sctp: fix identification of new acks for SFR-CACC
        (git-fixes).
    
      - sctp: get sctphdr by offset in sctp_compute_cksum
        (networking-stable-19_03_28).
    
      - sctp: initialize _pad of sockaddr_in before copying to
        user memory (networking-stable-19_04_10).
    
      - serial: sh-sci: disable DMA for uart_console
        (bsc#1051510).
    
      - signal: Always notice exiting tasks (git-fixes).
    
      - signal: Better detection of synchronous signals
        (git-fixes).
    
      - signal: Restore the stop PTRACE_EVENT_EXIT (git-fixes).
    
      - soc/fsl/qe: Fix an error code in qe_pin_request()
        (bsc#1051510).
    
      - spi: bitbang: Fix NULL pointer dereference in
        spi_unregister_master (bsc#1051510).
    
      - spi: Fix zero length xfer bug (bsc#1051510).
    
      - spi: Micrel eth switch: declare missing of table
        (bsc#1051510).
    
      - spi: pxa2xx: Add support for Intel Comet Lake
        (jsc#SLE-5331).
    
      - spi: pxa2xx: fix SCR (divisor) calculation
        (bsc#1051510).
    
      - spi: spi-fsl-spi: call spi_finalize_current_message() at
        the end (bsc#1051510).
    
      - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
        (bsc#1051510).
    
      - spi: ST ST95HF NFC: declare missing of table
        (bsc#1051510).
    
      - spi: tegra114: reset controller on probe (bsc#1051510).
    
      - staging: vc04_services: Fix a couple error codes
        (bsc#1051510).
    
      - staging: vc04_services: prevent integer overflow in
        create_pagelist() (bsc#1051510).
    
      - staging: wlan-ng: fix adapter initialization failure
        (bsc#1051510).
    
      - stmmac: pci: Adjust IOT2000 matching
        (networking-stable-19_04_30).
    
      - switchtec: Fix unintended mask of MRPC event
        (git-fixes).
    
      - tcp: add tcp_min_snd_mss sysctl (bsc#1137586).
    
      - tcp: do not use ipv6 header for ipv4 flow
        (networking-stable-19_03_28).
    
      - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
        (bsc#1137586).
    
      - tcp: Ensure DCTCP reacts to losses
        (networking-stable-19_04_10).
    
      - tcp: limit payload size of sacked skbs (bsc#1137586).
    
      - tcp: purge write queue in tcp_connect_init()
        (git-fixes).
    
      - tcp: tcp_fragment() should apply sane memory limits
        (bsc#1137586).
    
      - tcp: tcp_grow_window() needs to respect tcp_space()
        (networking-stable-19_04_19).
    
      - team: fix possible recursive locking when add slaves
        (networking-stable-19_04_30).
    
      - team: set slave to promisc if team is already in promisc
        mode (bsc#1051510).
    
      - test_firmware: Use correct snprintf() limit
        (bsc#1135642).
    
      - thermal: cpu_cooling: Actually trace CPU load in
        thermal_power_cpu_get_power (bsc#1051510).
    
      - thunderbolt: Fix to check for kmemdup failure
        (bsc#1051510).
    
      - thunderx: eliminate extra calls to put_page() for pages
        held for recycling (networking-stable-19_03_28).
    
      - thunderx: enable page recycling for non-XDP case
        (networking-stable-19_03_28).
    
      - tipc: fix hanging clients using poll with EPOLLOUT flag
        (git-fixes).
    
      - tipc: missing entries in name table of publications
        (networking-stable-19_04_19).
    
      - tools/cpupower: Add Hygon Dhyana support ().
    
      - tools lib traceevent: Fix missing equality check for
        strcmp (bsc#1129770).
    
      - tracing: Fix partial reading of trace event's id file
        (bsc#1136573).
    
      - treewide: Use DEVICE_ATTR_WO (bsc#1137739).
    
      - tty: ipwireless: fix missing checks for ioremap
        (bsc#1051510).
    
      - TTY: serial_core, add ->install (bnc#1129693).
    
      - tty: serial: msm_serial: Fix XON/XOFF (bsc#1051510).
    
      - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
        (bsc#1051510).
    
      - tun: add a missing rcu_read_unlock() in error path
        (networking-stable-19_03_28).
    
      - tun: properly test for IFF_UP
        (networking-stable-19_03_28).
    
      - udp: use indirect call wrappers for GRO socket lookup
        (bsc#1124503).
    
      - ufs: fix braino in ufs_get_inode_gid() for solaris UFS
        flavour (bsc#1135323).
    
      - Update config files: CONFIG_NVMEM_IMX_OCOTP=m for
        armvh7hl/lpae
    
      - Update config files. Debug kernel is not supported
        (bsc#1135492).
    
      - Update config files: disable CONFIG_IDE on ppc64le
    
      - Update config files for NFSv4.2 Enable NFSv4.2 support -
        jsc@PM-231 This requires a module parameter for NFSv4.2
        to actually be available on SLE12 and SLE15-SP0
    
      - Update cx2072x patches to follow the upstream
        development (bsc#1068546)
    
      - Update patch reference for ipmi_ssif fix (bsc#1135120)
    
      - usb: Add LPM quirk for Surface Dock GigE adapter
        (bsc#1051510).
    
      - usb: core: Add PM runtime calls to
        usb_hcd_platform_shutdown (bsc#1051510).
    
      - usb: core: Do not unbind interfaces following device
        reset failure (bsc#1051510).
    
      - usb: dwc2: Fix DMA cache alignment issues (bsc#1051510).
    
      - usb: Fix slab-out-of-bounds write in
        usb_get_bos_descriptor (bsc#1051510).
    
      - usbip: usbip_host: fix BUG: sleeping function called
        from invalid context (bsc#1051510).
    
      - usbip: usbip_host: fix stub_dev lock context imbalance
        regression (bsc#1051510).
    
      - usbnet: fix kernel crash after disconnect (bsc#1051510).
    
      - usb: rio500: fix memory leak in close after disconnect
        (bsc#1051510).
    
      - usb: rio500: refuse more than one device at a time
        (bsc#1051510).
    
      - usb: sisusbvga: fix oops in error path of sisusb_probe
        (bsc#1051510).
    
      - userfaultfd: use RCU to free the task struct when fork
        fails (git-fixes).
    
      - vhost: reject zero size iova range
        (networking-stable-19_04_19).
    
      - video: hgafb: fix potential NULL pointer dereference
        (bsc#1051510).
    
      - video: imsttfb: fix potential NULL pointer dereferences
        (bsc#1051510).
    
      - virtio_console: initialize vtermno value for ports
        (bsc#1051510).
    
      - vrf: check accept_source_route on the original netdevice
        (networking-stable-19_04_10).
    
      - vsock/virtio: Initialize core virtio vsock before
        registering the driver (bsc#1051510).
    
      - vt: always call notifier with the console lock held
        (bsc#1051510).
    
      - vxlan: Do not call gro_cells_destroy() before device is
        unregistered (networking-stable-19_03_28).
    
      - vxlan: trivial indenting fix (bsc#1051510).
    
      - vxlan: use __be32 type for the param vni in
        __vxlan_fdb_delete (bsc#1051510).
    
      - w1: fix the resume command API (bsc#1051510).
    
      - watchdog: imx2_wdt: Fix set_timeout for big timeout
        values (bsc#1051510).
    
      - x86_64: Add gap to int3 to allow for call emulation
        (bsc#1099658).
    
      - x86_64: Allow breakpoints to emulate call instructions
        (bsc#1099658).
    
      - x86/alternative: Init ideal_nops for Hygon Dhyana ().
    
      - x86/amd_nb: Check vendor in AMD-only functions ().
    
      - x86/apic: Add Hygon Dhyana support ().
    
      - x86/bugs: Add Hygon Dhyana to the respective mitigation
        machinery ().
    
      - x86/cpu: Create Hygon Dhyana architecture support file
        ().
    
      - x86/cpu: Get cache info and setup cache cpumap for Hygon
        Dhyana ().
    
      - x86/cpu/mtrr: Support TOP_MEM2 and get MTRR number ().
    
      - x86/events: Add Hygon Dhyana support to PMU
        infrastructure ().
    
      - x86/kvm: Add Hygon Dhyana support to KVM ().
    
      - x86/mce: Add Hygon Dhyana support to the MCA
        infrastructure ().
    
      - x86/mce: Do not disable MCA banks when offlining a CPU
        on AMD ().
    
      - x86/pci, x86/amd_nb: Add Hygon Dhyana support to PCI and
        northbridge ().
    
      - x86/smpboot: Do not use BSP INIT delay and MWAIT to idle
        on Dhyana ().
    
      - x86/speculation/mds: Fix documentation typo
        (bsc#1135642).
    
      - x86/xen: Add Hygon Dhyana support to Xen ().
    
      - xenbus: drop useless LIST_HEAD in xenbus_write_watch()
        and xenbus_file_write() (bsc#1065600).
    
      - xen/pciback: Do not disable PCI_COMMAND on PCI device
        reset (bsc#1065600).
    
      - xfrm6: avoid potential infinite loop in
        _decode_session6() (git-fixes).
    
      - xfrm6: call kfree_skb when skb is toobig (git-fixes).
    
      - xfrm: fix missing dst_release() after policy blocking
        lbcast and multicast (git-fixes).
    
      - xfrm: fix 'passing zero to ERR_PTR()' warning
        (git-fixes).
    
      - xfrm: reset crypto_done when iterating over multiple
        input xfrms (git-fixes).
    
      - xfrm: reset transport header back to network header
        after all input transforms ahave been applied
        (git-fixes).
    
      - xfrm_user: prevent leaking 2 bytes of kernel memory
        (git-fixes).
    
      - xfrm: Validate address prefix lengths in the xfrm
        selector (git-fixes).
    
      - xfs: add log item pinning error injection tag
        (bsc#1114427).
    
      - xfs: buffer lru reference count error injection tag
        (bsc#1114427).
    
      - xfs: check _btree_check_block value (bsc#1123663).
    
      - xfs: convert drop_writes to use the errortag mechanism
        (bsc#1114427).
    
      - xfs: create block pointer check functions (bsc#1123663).
    
      - xfs: create inode pointer verifiers (bsc#1114427).
    
      - xfs: do not clear imap_valid for a non-uptodate buffers
        (bsc#1138018).
    
      - xfs: do not look at buffer heads in xfs_add_to_ioend
        (bsc#1138013).
    
      - xfs: do not set the page uptodate in xfs_writepage_map
        (bsc#1138003).
    
      - xfs: do not use XFS_BMAPI_ENTRIRE in xfs_get_blocks
        (bsc#1137999).
    
      - xfs: do not use XFS_BMAPI_IGSTATE in xfs_map_blocks
        (bsc#1138005).
    
      - xfs: eof trim writeback mapping as soon as it is cached
        (bsc#1138019).
    
      - xfs: export _inobt_btrec_to_irec and
        _ialloc_cluster_alignment for scrub (bsc#1114427).
    
      - xfs: export various function for the online scrubber
        (bsc#1123663).
    
      - xfs: expose errortag knobs via sysfs (bsc#1114427).
    
      - xfs: fix s_maxbytes overflow problems (bsc#1137996).
    
      - xfs: fix unused variable warning in xfs_buf_set_ref()
        (bsc#1114427).
    
      - xfs: force summary counter recalc at next mount
        (bsc#1114427).
    
      - xfs: make errortag a per-mountpoint structure
        (bsc#1123663).
    
      - xfs: make xfs_writepage_map extent map centric
        (bsc#1138009).
    
      - xfs: minor cleanup for xfs_get_blocks (bsc#1138000).
    
      - xfs: move all writeback buffer_head manipulation into
        xfs_map_at_offset (bsc#1138014).
    
      - xfs: move error injection tags into their own file
        (bsc#1114427).
    
      - xfs: refactor btree block header checking functions
        (bsc#1123663).
    
      - xfs: refactor btree pointer checks (bsc#1123663).
    
      - xfs: refactor the tail of xfs_writepage_map
        (bsc#1138016).
    
      - xfs: refactor unmount record write (bsc#1114427).
    
      - xfs: remove the imap_valid flag (bsc#1138012).
    
      - xfs: remove unneeded parameter from XFS_TEST_ERROR
        (bsc#1123663).
    
      - xfs: remove unused parameter from xfs_writepage_map
        (bsc#1137995).
    
      - xfs: remove XFS_IO_INVALID (bsc#1138017).
    
      - xfs: remove xfs_map_cow (bsc#1138007).
    
      - xfs: remove xfs_reflink_find_cow_mapping (bsc#1138010).
    
      - xfs: remove xfs_reflink_trim_irec_to_next_cow
        (bsc#1138006).
    
      - xfs: remove xfs_start_page_writeback (bsc#1138015).
    
      - xfs: rename MAXPATHLEN to XFS_SYMLINK_MAXLEN
        (bsc#1123663).
    
      - xfs: rename the offset variable in xfs_writepage_map
        (bsc#1138008).
    
      - xfs: replace log_badcrc_factor knob with error injection
        tag (bsc#1114427).
    
      - xfs: sanity-check the unused space before trying to use
        it (bsc#1123663).
    
      - xfs: serialize unaligned dio writes against all other
        dio writes (bsc#1134936).
    
      - xfs: simplify xfs_map_blocks by using
        xfs_iext_lookup_extent directly (bsc#1138011).
    
      - xfs: skip CoW writes past EOF when writeback races with
        truncate (bsc#1137998).
    
      - xfs: xfs_reflink_convert_cow() memory allocation
        deadlock (bsc#1138002).
    
      - xhci: Convert xhci_handshake() to use
        readl_poll_timeout_atomic() (bsc#1051510).
    
      - xhci: Use %zu for printing size_t type (bsc#1051510).
    
      - xhci: update bounce buffer with correct sg num
        (bsc#1051510)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115688"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118139"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120091"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135056"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135492"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135758"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136430"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136435"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136439"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137996"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137998"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138000"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138002"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138007"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138011"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138016"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138375"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.64.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.64.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2201.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in netetlink/genetlink.c.(CVE-2019-15921)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130663
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130663
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130663);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-10853",
        "CVE-2018-1128",
        "CVE-2018-20976",
        "CVE-2018-7492",
        "CVE-2019-10140",
        "CVE-2019-10142",
        "CVE-2019-10207",
        "CVE-2019-10638",
        "CVE-2019-1125",
        "CVE-2019-12818",
        "CVE-2019-14814",
        "CVE-2019-14815",
        "CVE-2019-14816",
        "CVE-2019-14821",
        "CVE-2019-14835",
        "CVE-2019-15098",
        "CVE-2019-15099",
        "CVE-2019-15118",
        "CVE-2019-15218",
        "CVE-2019-15219",
        "CVE-2019-15220",
        "CVE-2019-15221",
        "CVE-2019-15239",
        "CVE-2019-15292",
        "CVE-2019-15505",
        "CVE-2019-15538",
        "CVE-2019-15807",
        "CVE-2019-15921",
        "CVE-2019-15924",
        "CVE-2019-15926",
        "CVE-2019-15927",
        "CVE-2019-16233",
        "CVE-2019-16413",
        "CVE-2019-17052",
        "CVE-2019-17053",
        "CVE-2019-17054",
        "CVE-2019-17055",
        "CVE-2019-17056"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The kernel package contains the Linux kernel (vmlinuz),
        the core of any Linux operating system. The kernel
        handles the basic functions of the operating system:
        memory allocation, process allocation, device input and
        output, etc.Security Fix(es):An issue was discovered in
        the Linux kernel before 5.2.3. Out of bounds access
        exists in the functions
        ath6kl_wmi_pstream_timeout_event_rx and
        ath6kl_wmi_cac_event_rx in the file
        driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An
        issue was discovered in the Linux kernel before 5.0.6.
        There is a memory leak issue when idr_alloc() fails in
        genl_register_family() in
        netetlink/genetlink.c.(CVE-2019-15921)An issue was
        discovered in the Linux kernel before 4.20.2. An
        out-of-bounds access exists in the function
        build_audio_procunit in the file
        sound/usb/mixer.c.(CVE-2019-15927)An issue was
        discovered in the Linux kernel before 5.0.9. There is a
        use-after-free in atalk_proc_exit, related to
        net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and
        net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An
        issue was discovered in fs/xfs/xfs_super.c in the Linux
        kernel before 4.18. A use after free exists, related to
        xfs_fs_fill_super failure.(CVE-2018-20976)In the Linux
        kernel before 5.1.13, there is a memory leak in
        drivers/scsi/libsas/sas_expander.c when SAS expander
        discovery fails. This will cause a BUG and denial of
        service.(CVE-2019-15807)A vulnerability was found in
        Linux kernel's, versions up to 3.10, implementation of
        overlayfs. An attacker with local access can create a
        denial of service situation via NULL pointer
        dereference in ovl_posix_acl_create function in
        fs/overlayfs/dir.c. This can allow attackers with
        ability to create directories on overlayfs to crash the
        kernel creating a denial of service
        (DOS).(CVE-2019-10140)In the Linux kernel, a certain
        net/ipv4/tcp_output.c change, which was properly
        incorporated into 4.16.12, was incorrectly backported
        to the earlier longterm kernels, introducing a new
        vulnerability that was potentially more severe than the
        issue that was intended to be fixed by backporting.
        Specifically, by adding to a write queue between
        disconnection and re-connection, a local attacker can
        trigger multiple use-after-free conditions. This can
        result in a kernel crash, or potentially in privilege
        escalation.(CVE-2019-15239)check_input_term in
        sound/usb/mixer.c in the Linux kernel through 5.2.9
        mishandles recursion, leading to kernel stack
        exhaustion.(CVE-2019-15118)drivers
        et/wireless/ath/ath10k/usb.c in the Linux kernel
        through 5.2.8 has a NULL pointer dereference via an
        incomplete address in an endpoint
        descriptor.(CVE-2019-15099)drivers
        et/wireless/ath/ath6kl/usb.c in the Linux kernel
        through 5.2.9 has a NULL pointer dereference via an
        incomplete address in an endpoint
        descriptor.(CVE-2019-15098)A flaw was found in the
        Linux kernel's Bluetooth implementation of UART. An
        attacker with local access and write permissions to the
        Bluetooth hardware could use this flaw to issue a
        specially crafted ioctl function call and cause the
        system to crash.(CVE-2019-10207)It was found that cephx
        authentication protocol did not verify ceph clients
        correctly and was vulnerable to replay attack. Any
        attacker having access to ceph cluster network who is
        able to sniff packets on network can use this
        vulnerability to authenticate with ceph service and
        perform actions allowed by ceph service. Ceph branches
        master, mimic, luminous and jewel are believed to be
        vulnerable.(CVE-2018-1128)ax25_create in
        net/ax25/af_ax25.c in the AF_AX25 network module in the
        Linux kernel through 5.3.2 does not enforce
        CAP_NET_RAW, which means that unprivileged users can
        create a raw socket, aka
        CID-0614e2b73768.(CVE-2019-17052)ieee802154_create in
        net/ieee802154/socket.c in the AF_IEEE802154 network
        module in the Linux kernel through 5.3.2 does not
        enforce CAP_NET_RAW, which means that unprivileged
        users can create a raw socket, aka
        CID-e69dbd4619e7.(CVE-2019-17053)atalk_create in
        net/appletalk/ddp.c in the AF_APPLETALK network module
        in the Linux kernel through 5.3.2 does not enforce
        CAP_NET_RAW, which means that unprivileged users can
        create a raw socket, aka
        CID-6cc03e8aa36c.(CVE-2019-17054)base_sock_create in
        drivers/isdn/mISDN/socket.c in the AF_ISDN network
        module in the Linux kernel through 5.3.2 does not
        enforce CAP_NET_RAW, which means that unprivileged
        users can create a raw socket, aka
        CID-b91ee4aa2a21.(CVE-2019-17055)llcp_sock_create in
        net fc/llcp_sock.c in the AF_NFC network module in the
        Linux kernel through 5.3.2 does not enforce
        CAP_NET_RAW, which means that unprivileged users can
        create a raw socket, aka
        CID-3a359798b176.(CVE-2019-17056)A flaw was found in
        the Linux kernel's freescale hypervisor manager
        implementation, kernel versions 5.0.x up to, excluding
        5.0.17. A parameter passed to an ioctl was incorrectly
        validated and used in size calculations for the page
        size calculation. An attacker can use this flaw to
        crash the system, corrupt memory, or create other
        adverse security
        affects.(CVE-2019-10142)drivers/media/usb/dvb-usb/techn
        isat-usb2.c in the Linux kernel through 5.2.9 has an
        out-of-bounds read via crafted USB device traffic
        (which may be remote via usbip or
        usbredir).(CVE-2019-15505)An issue was discovered in
        the Linux kernel before 5.0.4. The 9p filesystem did
        not protect i_size_write() properly, which causes an
        i_size_read() infinite loop and denial of service on
        SMP systems.(CVE-2019-16413)An issue was discovered in
        xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux
        kernel through 5.2.9. XFS partially wedges when a chgrp
        fails on account of being out of disk quota.
        xfs_setattr_nonsize is failing to unlock the ILOCK
        after the xfs_qm_vop_chown_reserve call fails. This is
        primarily a local DoS attack vector, but it might
        result as well in remote DoS if the XFS filesystem is
        exported for instance via NFS.(CVE-2019-15538)A buffer
        overflow flaw was found, in versions from 2.6.34 to
        5.2.x, in the way Linux kernel's vhost functionality
        that translates virtqueue buffers to IOVs, logged the
        buffer descriptors during migration. A privileged guest
        user able to pass descriptors with invalid length to
        the host when migration is underway, could use this
        flaw to increase their privileges on the
        host.(CVE-2019-14835)An out-of-bounds access issue was
        found in the Linux kernel, all versions through 5.3, in
        the way Linux kernel's KVM hypervisor implements the
        Coalesced MMIO write operation. It operates on an MMIO
        ring buffer 'struct kvm_coalesced_mmio' object, wherein
        write indices 'ring->first' and 'ring->last' value
        could be supplied by a host user-space process. An
        unprivileged host user or process with access to
        '/dev/kvm' device could use this flaw to crash the host
        kernel, resulting in a denial of service or potentially
        escalating privileges on the system.(CVE-2019-14821)An
        information disclosure vulnerability exists when
        certain central processing units (CPU) speculatively
        access memory, aka 'Windows Kernel Information
        Disclosure Vulnerability'.
        (CVE-2019-1125)drivers/scsi/qla2xxx/qla_os.c in the
        Linux kernel 5.2.14 does not check the alloc_workqueue
        return value, leading to a NULL pointer
        dereference.(CVE-2019-16233)An issue was discovered in
        the Linux kernel before 5.0.11. fm10k_init_module in
        drivers et/ethernet/intel/fm10k/fm10k_main.c has a NULL
        pointer dereference because there is no -ENOMEM upon an
        alloc_workqueue failure.(CVE-2019-15924)An issue was
        discovered in the Linux kernel before 5.2.1. There is a
        use-after-free caused by a malicious USB device in the
        drivers et/wireless/intersil/p54/p54usb.c
        driver.(CVE-2019-15220 )In the Linux kernel before
        5.1.7, a device can be tracked by an attacker using the
        IP ID values the kernel produces for connection-less
        protocols (e.g., UDP and ICMP). When such traffic is
        sent to multiple destination IP addresses, it is
        possible to obtain hash collisions (of indices to the
        counter array) and thereby obtain the hashing key (via
        enumeration). An attack may be conducted by hosting a
        crafted web page that uses WebRTC or gQUIC to force UDP
        traffic to attacker-controlled IP
        addresses.(CVE-2019-10638)There is heap-based buffer
        overflow in Linux kernel, all versions up to, excluding
        5.3, in the marvell wifi chip driver in Linux kernel,
        that allows local users to cause a denial of
        service(system crash) or possibly execute arbitrary
        code.( CVE-2019-14814)** RESERVED ** This candidate has
        been reserved by an organization or individual that
        will use it when announcing a new security problem.
        When the candidate has been publicized, the details for
        this candidate will be provided.( CVE-2019-14815)There
        is heap-based buffer overflow in kernel, all versions
        up to, excluding 5.3, in the marvell wifi chip driver
        in Linux kernel, that allows local users to cause a
        denial of service(system crash) or possibly execute
        arbitrary code.( CVE-2019-14816)A flaw was found in the
        way Linux kernel KVM hypervisor emulated instructions
        such as sgdt/sidt/fxsave/fxrstor. It did not check
        current privilege(CPL) level while emulating
        unprivileged instructions. An unprivileged guest
        user/process could use this flaw to potentially
        escalate privileges inside guest.(CVE-2018-10853)A NULL
        pointer dereference was found in the net/rds/rdma.c
        __rds_rdma_map() function in the Linux kernel before
        4.14.7 allowing local attackers to cause a system panic
        and a denial-of-service, related to RDS_GET_MR and
        RDS_GET_MR_FOR_DEST.(CVE-2018-7492)An issue was
        discovered in the Linux kernel before 4.20.15. The
        nfc_llcp_build_tlv function in net fc/llcp_commands.c
        may return NULL. If the caller does not check for this,
        it will trigger a NULL pointer dereference. This will
        cause denial of service. This affects nfc_llcp_build_gb
        in netfc/llcp_core.c.(CVE-2019-12818)An issue was
        discovered in the Linux kernel before 5.1.8. There is a
        NULL pointer dereference caused by a malicious USB
        device in the drivers/media/usb/siano/smsusb.c
        driver.(CVE-2019-15218)An issue was discovered in the
        Linux kernel before 5.1.8. There is a NULL pointer
        dereference caused by a malicious USB device in the
        drivers/usb/misc/sisusbvga/sisusb.c
        driver.(CVE-2019-15219)An issue was discovered in the
        Linux kernel before 5.1.17. There is a NULL pointer
        dereference caused by a malicious USB device in the
        sound/usb/line6/pcm.c driver.(CVE-2019-15221)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2201
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3a7512b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "kernel-devel-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "kernel-headers-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "kernel-tools-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "kernel-tools-libs-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "perf-3.10.0-862.14.1.2.h291.eulerosv2r7",
            "python-perf-3.10.0-862.14.1.2.h291.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1570.NASL
    descriptionExample: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126033
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126033
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4094-1.NASL
    descriptionIt was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616, CVE-2018-13096, CVE-2018-13098, CVE-2018-14615) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14609) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-1125) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127889
    published2019-08-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127889
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, (USN-4094-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1550-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699, CVE-2019-10124). CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bbsc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc##1111331) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-06-19
    plugin id126045
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126045
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1823-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP 2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visited the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126688
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126688
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1823-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2430-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699). CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188) CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-09-24
    plugin id129284
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129284
    titleSUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1926.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es):A flaw was found in the Linux kernel
    last seen2020-04-16
    modified2019-09-17
    plugin id128929
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128929
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1855-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126744
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126744
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2274.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.(CVE-2018-13094)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.(CVE-2018-9363)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130736
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130736
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1851-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126741
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126741
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness)

References