Vulnerabilities > CVE-2019-14898 - Improper Locking vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Race Conditions via Symbolic Links This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20200205_KERNEL_ON_SL7_X.NASL description Security Fix(es) : - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) Bug Fix(es) : - [Azure][7.8] Include patch last seen 2020-03-18 modified 2020-02-07 plugin id 133538 published 2020-02-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133538 title Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(133538); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2019-11599", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) Bug Fix(es) : - [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089) - [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093) - [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097) - SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621) - Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113) - Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732) - patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812) - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ#1775678) - Guest crash after load cpuidle-haltpoll driver (BZ#1776289) - RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290) - Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297) - Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564) - core: backports from upstream (BZ#1780033) - kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148) - Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780163)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1766089" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1766093" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1766097" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1767621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1770113" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1770732" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1772812" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775678" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1776289" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1776290" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1777297" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1779564" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1780033" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1780148" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1780163" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2002&L=SCIENTIFIC-LINUX-ERRATA&P=1046 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?177fd584" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0375.NASL description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057) last seen 2020-06-01 modified 2020-06-02 plugin id 133484 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133484 title RHEL 7 : kernel-rt (RHSA-2020:0375) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0375. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(133484); script_version("1.2"); script_cvs_date("Date: 2020/02/07"); script_cve_id("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); script_xref(name:"RHSA", value:"2020:0375"); script_name(english:"RHEL 7 : kernel-rt (RHSA-2020:0375)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0375" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14816" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14895" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14898" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14901" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17133" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0375"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0375"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc"); } }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-0375.NASL description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057) last seen 2020-02-10 modified 2020-02-02 plugin id 133508 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133508 title CentOS 7 : kernel (CESA-2020:0375) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2020/03/06. Advisory is redundant and erroneous. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0375 and # CentOS Errata and Security Advisory 2020:0375 respectively. # include("compat.inc"); if (description) { script_id(133508); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09"); script_cve_id("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); script_xref(name:"RHSA", value:"2020:0375"); script_name(english:"CentOS 7 : kernel (CESA-2020:0375) (deprecated)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057) This plugin has been deprecated. Although RHSA-2020:0375 exists, it is for kernel-rt, which does not exist on CentOS. This CentOS copy of the advisory duplicates the CVEs and packages from the non-rt kernel in RHSA-2020:0374." ); # https://lists.centos.org/pipermail/centos-announce/2020-February/035620.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?633091f1" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14901"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated. It is entirely redundant to 2020:0374."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-1062.12.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-0374.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch last seen 2020-03-17 modified 2020-02-27 plugin id 134087 published 2020-02-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134087 title CentOS 7 : kernel (CESA-2020:0374) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0374 and # CentOS Errata and Security Advisory 2020:0374 respectively. # include("compat.inc"); if (description) { script_id(134087); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02"); script_cve_id("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); script_xref(name:"RHSA", value:"2020:0374"); script_name(english:"CentOS 7 : kernel (CESA-2020:0374)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089) * [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093) * [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097) * SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621) * Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113) * Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732) * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812) * fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ #1775678) * Guest crash after load cpuidle-haltpoll driver (BZ#1776289) * RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290) * Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297) * Moving Egress IP will result in conntrack sessions being DESTROYED (BZ# 1779564) * core: backports from upstream (BZ#1780033) * kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148) * Race between tty_open() and flush_to_ldisc() using the tty_struct-> driver_data field. (BZ#1780163)" ); # https://lists.centos.org/pipermail/centos-announce/2020-February/035645.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?65128778" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14901"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-1062.12.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0374.NASL description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch last seen 2020-06-01 modified 2020-06-02 plugin id 133483 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133483 title RHEL 7 : kernel (RHSA-2020:0374) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0374. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(133483); script_version("1.2"); script_cvs_date("Date: 2020/02/07"); script_cve_id("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); script_xref(name:"RHSA", value:"2020:0374"); script_name(english:"RHEL 7 : kernel (RHSA-2020:0374)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch 'PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it' (BZ#1766089) * [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093) * [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097) * SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621) * Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113) * Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732) * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812) * fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ #1775678) * Guest crash after load cpuidle-haltpoll driver (BZ#1776289) * RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290) * Multiple 'mv' processes hung on a gfs2 filesystem (BZ#1777297) * Moving Egress IP will result in conntrack sessions being DESTROYED (BZ# 1779564) * core: backports from upstream (BZ#1780033) * kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148) * Race between tty_open() and flush_to_ldisc() using the tty_struct-> driver_data field. (BZ#1780163)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0374" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14816" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14895" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14898" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-14901" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-17133" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14898", "CVE-2019-14901", "CVE-2019-17133"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0374"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0374"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bpftool-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bpftool-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bpftool-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bpftool-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-doc-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-1062.12.1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc"); } }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1606.NASL description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.(CVE-2019-19377) - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.(CVE-2019-14898) - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114) - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.(CVE-2020-12464) - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a last seen 2020-06-06 modified 2020-06-02 plugin id 137024 published 2020-06-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137024 title EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1606) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-0339.NASL description From Red Hat Security Advisory 2020:0339 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch last seen 2020-06-01 modified 2020-06-02 plugin id 133591 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133591 title Oracle Linux 8 : kernel (ELSA-2020-0339) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the Linux kernel last seen 2020-04-30 modified 2020-04-21 plugin id 135762 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135762 title NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-0374.NASL description From Red Hat Security Advisory 2020:0374 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch last seen 2020-06-01 modified 2020-06-02 plugin id 133514 published 2020-02-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133514 title Oracle Linux 7 : kernel (ELSA-2020-0374) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0010_KERNEL.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816) - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895) - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901) - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-03-08 plugin id 134320 published 2020-03-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134320 title NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0339.NASL description An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch last seen 2020-06-01 modified 2020-06-02 plugin id 133480 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133480 title RHEL 8 : kernel (RHSA-2020:0339) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0328.NASL description An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ# 1780326) last seen 2020-06-01 modified 2020-06-02 plugin id 133477 published 2020-02-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133477 title RHEL 8 : kernel-rt (RHSA-2020:0328)
Redhat
rpms |
|
References
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://www.oracle.com/security-alerts/cpuApr2021.html