Vulnerabilities > CVE-2019-15118 - Uncontrolled Recursion vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
canonical
debian
opensuse
netapp
CWE-674
nessus
NVD
Published: 2019-08-16
Updated: 2024-02-03

Summary

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

Vulnerable Configurations

Part Description Count
OS
Linux
4117
OS
Canonical
4
OS
Debian
3
OS
Opensuse
2
OS
Netapp
2
Application
Netapp
4
Hardware
Netapp
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4147-1.NASL
    descriptionIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129677
    published2019-10-07
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129677
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4147-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129677);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/19");

  script_cve_id("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
  script_xref(name:"USN", value:"4147-1");

  script_name(english:"Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the Intel Wi-Fi device driver in the Linux
kernel did not properly validate certain Tunneled Direct Link Setup
(TDLS). A physically proximate attacker could use this to cause a
denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local
attacker could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that the GTCO tablet input driver in the Linux
kernel did not properly bounds check the initial HID report sent by
the device. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-13631)

It was discovered that an out-of-bounds read existed in the QLogic
QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
could possibly use this to expose sensitive information (kernel
memory). (CVE-2019-15090)

Hui Peng and Mathias Payer discovered that the USB audio driver for
the Linux kernel did not properly validate device meta data. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15117)

Hui Peng and Mathias Payer discovered that the USB audio driver for
the Linux kernel improperly performed recursion while handling device
meta data. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15118)

It was discovered that the Raremono AM/FM/SW radio device driver in
the Linux kernel did not properly allocate memory, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2019-15211)

It was discovered at a double-free error existed in the USB Rio 500
device driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the CPiA2
video4linux device driver for the Linux kernel, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB
Prism54 device driver in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15220)

Benjamin Moody discovered that the XFS file system in the Linux kernel
did not properly handle an error condition when out of disk quota. A
local attacker could possibly use this to cause a denial of service.
(CVE-2019-15538)

It was discovered that the Hisilicon HNS3 ethernet device driver in
the Linux kernel contained an out of bounds access vulnerability. A
local attacker could use this to possibly cause a denial of service
(system crash). (CVE-2019-15925)

It was discovered that the Atheros mobile chipset driver in the Linux
kernel did not properly validate data in some situations. An attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15926)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
discovered that the Bluetooth protocol BR/EDR specification did not
properly require sufficiently strong encryption key lengths. A
physically proximate attacker could use this to expose sensitive
information. (CVE-2019-9506)

It was discovered that ZR364XX Camera USB device driver for the Linux
kernel did not properly initialize memory. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15217)

It was discovered that the Siano USB MDTV receiver device driver in
the Linux kernel made improper assumptions about the device
characteristics. A physically proximate attacker could use this cause
a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux
kernel did not properly validate data size information from the
device. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15221)

It was discovered that the Line 6 USB driver for the Linux kernel
contained a race condition when the device was disconnected. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15223).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4147-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4147-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-1020-gke", pkgver:"5.0.0-1020.20~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke-5.0", pkgver:"5.0.0.1020.9")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1018-aws", pkgver:"5.0.0-1018.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-kvm", pkgver:"5.0.0-1019.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-raspi2", pkgver:"5.0.0-1019.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1020-gcp", pkgver:"5.0.0-1020.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1022-azure", pkgver:"5.0.0-1022.23")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1023-snapdragon", pkgver:"5.0.0-1023.24")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-aws", pkgver:"5.0.0.1018.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-azure", pkgver:"5.0.0.1022.21")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gcp", pkgver:"5.0.0.1020.46")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic-lpae", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gke", pkgver:"5.0.0.1020.46")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-kvm", pkgver:"5.0.0.1019.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-lowlatency", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-raspi2", pkgver:"5.0.0.1019.16")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-snapdragon", pkgver:"5.0.0.1023.16")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-virtual", pkgver:"5.0.0.31.32")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2950-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130950
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130950
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2950-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(130950);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/12");

  script_cve_id("CVE-2016-10906", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-10207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-11477", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-9456", "CVE-2019-9506");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit
a race condition in the Instruction Fetch Unit of the Intel CPU to
cause a Machine Exception during Page Size Change, causing the CPU
core to be non-functional.

The Linux Kernel KVM hypervisor was adjusted to avoid page size
changes in executable pages by splitting / merging huge pages into
small pages as needed. More information can be found on
https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:
Aborting an asynchronous TSX operation on Intel CPUs with
Transactional Memory support could be used to facilitate sidechannel
information leaks out of microarchitectural buffers, similar to the
previously described 'Microarchitectural Data Sampling' attack.

The Linux kernel was supplemented with the option to disable TSX
operation altogether (requiring CPU Microcode updates on older
systems) and better flushing of microarchitectural buffers (VERW).

The set of options available is described in our TID at
https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233:
drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return
value, leading to a NULL pointer dereference. (bsc#1150457).

CVE-2019-10220: Added sanity checks on the pathnames passed to the
user space. (bsc#1144903).

CVE-2019-16232: Fix a potential NULL pointer dereference in the
Marwell libertas driver (bsc#1150465).

CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue
return value, leading to a NULL pointer dereference. (bsc#1150452).

CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not
enforce CAP_NET_RAW, which meant that unprivileged users could create
a raw socket (bnc#1152782).

CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,
which meant that unprivileged users could create a raw socket
(bsc#1152788).

CVE-2019-16413: The 9p filesystem did not protect i_size_write()
properly, which caused an i_size_read() infinite loop and denial of
service on SMP systems (bnc#1151347).

CVE-2019-15902: A backporting issue was discovered that re-introduced
the Spectre vulnerability it had aimed to eliminate. This occurred
because the backport process depends on cherry picking specific
commits, and because two (correctly ordered) code lines were swapped
(bnc#1149376).

CVE-2019-15291: Fixed a NULL pointer dereference issue that could be
caused by a malicious USB device (bnc#11465).

CVE-2019-15807: Fixed a memory leak in the SCSI module that could be
abused to cause denial of service (bnc#1148938).

CVE-2019-14821: An out-of-bounds access issue was fixed in the
kernel's KVM hypervisor. An unprivileged host user or process with
access to '/dev/kvm' device could use this flaw to crash the host
kernel, resulting in a denial of service or potentially escalating
privileges on the system (bnc#1151350).

CVE-2019-15505: An out-of-bounds issue had been fixed that could be
caused by crafted USB device traffic (bnc#1147122).

CVE-2017-18595: A double free in allocate_trace_buffer was fixed
(bnc#1149555).

CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost
functionality that translates virtqueue buffers to IOVs. A privileged
guest user able to pass descriptors with invalid length to the host
could use this flaw to increase their privileges on the host
(bnc#1150112).

CVE-2019-15216: A NULL pointer dereference was fixed that could be
malicious USB device (bnc#1146361).

CVE-2019-9456: An out-of-bounds write in the USB monitor driver has
been fixed. This issue could lead to local escalation of privilege
with System execution privileges needed. (bnc#1150025).

CVE-2019-15926: An out-of-bounds access was fixed in the
drivers/net/wireless/ath/ath6kl module. (bnc#1149527).

CVE-2019-15927: An out-of-bounds access was fixed in the
sound/usb/mixer module (bnc#1149522).

CVE-2019-15219: A NULL pointer dereference was fixed that could be
abused by a malicious USB device (bnc#1146524).

CVE-2019-15220: A use-after-free issue was fixed that could be caused
by a malicious USB device (bnc#1146526).

CVE-2019-15221: A NULL pointer dereference was fixed that could be
caused by a malicious USB device (bnc#1146529).

CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell
wifi chip driver. That issue allowed local users to cause a denial of
service (system crash) or possibly execute arbitrary code
(bnc#1146512).

CVE-2019-14815: A missing length check while parsing WMM IEs was fixed
(bsc#1146512, bsc#1146514, bsc#1146516).

CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip
driver was fixed. Local users would have abused this issue to cause a
denial of service (system crash) or possibly execute arbitrary code
(bnc#1146516).

CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific
socket option, an attacker could control a pointer in kernel land and
cause an inet_csk_listen_stop general protection fault, or potentially
execute arbitrary code under certain circumstances. The issue can be
triggered as root (e.g., inside a default LXC container or with the
CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)

CVE-2019-9506: The Bluetooth BR/EDR specification used to permit
sufficiently low encryption key length and did not prevent an attacker
from influencing the key length negotiation. This allowed practical
brute-force attacks (aka 'KNOB') that could decrypt traffic and inject
arbitrary ciphertext without the victim noticing (bnc#1137865).

CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath
was fixed (bnc#1146378).

CVE-2019-15290: A NULL pointer dereference in
ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).

CVE-2019-15212: A double-free issue was fixed in drivers/usb driver
(bnc#1146391).

CVE-2016-10906: A use-after-free issue was fixed in
drivers/net/ethernet/arc (bnc#1146584).

CVE-2019-15217: A a NULL pointer dereference issue caused by a
malicious USB device was fixed in the drivers/media/usb/zr364xx driver
(bnc#1146519).

CVE-2019-15218: A NULL pointer dereference caused by a malicious USB
device was fixed in the drivers/media/usb/siano driver (bnc#1146413).

CVE-2019-15215: A use-after-free issue caused by a malicious USB
device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).

CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver
(bnc#1146285).

CVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c
driver (bnc#1146163).

CVE-2019-10207: Add checks for missing tty operations to prevent
unprivileged user to execute 0x0 address (bsc#1142857 bsc#1123959)

CVE-2019-15118: ALSA: usb-audio: Fix a stack-based buffer overflow bug
in check_input_term leading to kernel stack exhaustion (bsc#1145922).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1117665"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123959"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137865"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137944"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1139073"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1142857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1145477"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1145922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146285"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146361"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146378"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146391"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146425"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146514"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146526"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146529"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1146612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1147122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1148938"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1149376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1149522"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1149527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1149555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1150025"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1150112"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1150452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1150457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1150465"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1151347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1151350"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1152782"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1152788"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1153119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1155671"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=999278"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10906/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-18509/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-18551/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-18595/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-12207/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-20976/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10207/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10220/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11135/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11477/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14814/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14815/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14816/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14821/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14835/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15098/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15118/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15212/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15215/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15216/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15217/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15218/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15219/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15220/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15221/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15290/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15291/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15505/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15807/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15902/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15926/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15927/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-16232/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-16233/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-16234/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-16413/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-17055/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-17056/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-9456/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-9506/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/support/kb/doc/?id=7023735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/support/kb/doc/?id=7024251"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?00e1d55f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-2950=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-2950=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2019-2950=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-default-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-xen-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.124.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.124.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2263-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254). CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id128470
    published2019-09-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128470
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2263-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(128470);
  script_version("1.4");
  script_cvs_date("Date: 2020/02/18");

  script_cve_id("CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-3819");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).

CVE-2018-20855: An issue was discovered in create_qp_common in
drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never
initialized, resulting in a leak of stack memory to userspace
(bsc#1143045).

CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service
by setup_format_params division-by-zero. Two consecutive ioctls can
trigger the bug: the first one should set the drive geometry with
.sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the
floppy format operation should be called. It can be triggered by an
unprivileged local user even when a floppy disk has not been inserted.
NOTE: QEMU creates the floppy device by default (bsc#1143189).

CVE-2019-14283: The function set_geometry in drivers/block/floppy.c
did not validate the sect and head fields, as demonstrated by an
integer overflow and out-of-bounds read. It can be triggered by an
unprivileged local user when a floppy disk has been inserted. NOTE:
QEMU creates the floppy device by default (bsc#1143191).

CVE-2019-11810: A NULL pointer dereference can occur when
megasas_create_frame_pool() fails in megasas_alloc_cmds() in
drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of
Service, related to a use-after-free (bsc#1134399).

CVE-2019-13648: In the Linux kernel on the powerpc platform, when
hardware transactional memory is disabled, a local user can cause a
denial of service (TM Bad Thing exception and system crash) via a
sigreturn() system call that sends a crafted signal frame. This
affects arch/powerpc/kernel/signal_32.c and
arch/powerpc/kernel/signal_64.c (bnc#1142254).

CVE-2019-13631: In parse_hid_report_descriptor in
drivers/input/tablet/gtco.c, a malicious USB device can send an HID
report that triggers an out-of-bounds write during generation of
debugging messages (bsc#1142023).

CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in
sound/usb/mixer.c via mishandled recursion (bnc#1145922).

CVE-2019-15117: Fixed out-of-bounds memory access in
parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short
descriptor (bnc#1145920).

CVE-2019-3819: A flaw was fixed in the function
hid_debug_events_read() in drivers/hid/hid-debug.c file which may have
enter an infinite loop with certain parameters passed from a
userspace. A local privileged user ('root') could have caused a system
lock up and a denial of service (bnc#1123161).

CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart
(bsc#1142857).

CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c,
where certain error case are mishandled (bnc#1143048).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1106061"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1123161"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1125674"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1127034"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1128977"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1133860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1134399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135335"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1135365"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1137584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1139358"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1139826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1140652"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1140903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1140945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141181"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141401"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141402"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141452"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141453"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1141454"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1142023"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1142254"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1142857"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1143045"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1143048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1143189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1143191"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1143333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144273"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1144920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1145920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1145922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-20855/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-20856/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-10207/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-1125/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-11810/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-13631/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-13648/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14283/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-14284/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15117/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-15118/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-3819/"
  );
  # https://www.suse.com/support/update/announcement/2019/suse-su-20192263-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?144f001a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
SUSE-OpenStack-Cloud-Crowbar-8-2019-2263=1

SUSE OpenStack Cloud 8:zypper in -t patch
SUSE-OpenStack-Cloud-8-2019-2263=1

SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
SUSE-SLE-SAP-12-SP3-2019-2263=1

SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2019-2263=1

SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-BCL-2019-2263=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
SUSE-SLE-HA-12-SP3-2019-2263=1

SUSE Enterprise Storage 5:zypper in -t patch
SUSE-Storage-5-2019-2263=1

SUSE CaaS Platform 3.0 :

To install this update, use the SUSE CaaS Platform Velum dashboard. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.

HPE Helion Openstack 8:zypper in -t patch
HPE-Helion-OpenStack-8-2019-2263=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15117");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_103-default-1-4.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-base-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-base-debuginfo-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.103.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.103.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2173.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed. (bnc#1146512). - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514). - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516). - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users
    last seen2020-04-01
    modified2019-09-25
    plugin id129339
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129339
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-2173.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(129339);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/31");

  script_cve_id("CVE-2017-18551", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15098", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15222", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15902", "CVE-2019-15917", "CVE-2019-15919", "CVE-2019-15920", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-9456");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)");
  script_summary(english:"Check for the openSUSE-2019-2173 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openSUSE Leap 15.0 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

  - CVE-2017-18551: There was an out of bounds write in the
    function i2c_smbus_xfer_emulated (bnc#1146163).

  - CVE-2018-20976: A use after free exists, related to
    xfs_fs_fill_super failure (bnc#1146285).

  - CVE-2018-21008: A use-after-free can be caused by the
    function rsi_mac80211_detach in the file
    drivers/net/wireless/rsi/rsi_91x_mac80211.c
    (bnc#1149591).

  - CVE-2019-14814: A heap overflow in
    mwifiex_set_uap_rates() function of Marvell was fixed.
    (bnc#1146512).

  - CVE-2019-14815: A heap overflow in
    mwifiex_set_wmm_params() function of Marvell Wifi Driver
    was fixed. (bnc#1146514).

  - CVE-2019-14816: A heap overflow in
    mwifiex_update_vs_ie() function of Marvell Wifi Driver
    was fixed. (bnc#1146516).

  - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow
    could lead to guest to host kernel escape during live
    migration (bnc#1150112).

  - CVE-2019-15030: In the Linux kernel on the powerpc
    platform, a local user can read vector registers of
    other users' processes via a Facility Unavailable
    exception. To exploit the venerability, a local user
    starts a transaction (via the hardware transactional
    memory instruction tbegin) and then accesses vector
    registers. At some point, the vector registers will be
    corrupted with the values from a different local Linux
    process because of a missing
    arch/powerpc/kernel/process.c check (bnc#1149713).

  - CVE-2019-15031: In the Linux kernel on the powerpc
    platform, a local user can read vector registers of
    other users' processes via an interrupt. To exploit the
    venerability, a local user starts a transaction (via the
    hardware transactional memory instruction tbegin) and
    then accesses vector registers. At some point, the
    vector registers will be corrupted with the values from
    a different local Linux process, because MSR_TM_ACTIVE
    is misused in arch/powerpc/kernel/process.c
    (bnc#1149713).

  - CVE-2019-15090: In the qedi_dbg_* family of functions,
    there was an out-of-bounds read (bnc#1146399).

  - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c
    had a NULL pointer dereference via an incomplete address
    in an endpoint descriptor (bnc#1146378).

  - CVE-2019-15117: parse_audio_mixer_unit in
    sound/usb/mixer.c in the Linux kernel mishandled a short
    descriptor, leading to out-of-bounds memory access
    (bnc#1145920).

  - CVE-2019-15118: check_input_term in sound/usb/mixer.c in
    the Linux kernel mishandled recursion, leading to kernel
    stack exhaustion (bnc#1145922).

  - CVE-2019-15211: There was a use-after-free caused by a
    malicious USB device in the
    drivers/media/v4l2-core/v4l2-dev.c driver because
    drivers/media/radio/radio-raremono.c did not properly
    allocate memory (bnc#1146519).

  - CVE-2019-15212: There was a double-free caused by a
    malicious USB device in the drivers/usb/misc/rio500.c
    driver (bnc#1146391).

  - CVE-2019-15214: There was a use-after-free in the sound
    subsystem because card disconnection causes certain data
    structures to be deleted too early. This is related to
    sound/core/init.c and sound/core/info.c (bnc#1146550).

  - CVE-2019-15215: There was a use-after-free caused by a
    malicious USB device in the
    drivers/media/usb/cpia2/cpia2_usb.c driver
    (bnc#1146425).

  - CVE-2019-15216: There was a NULL pointer dereference
    caused by a malicious USB device in the
    drivers/usb/misc/yurex.c driver (bnc#1146361).

  - CVE-2019-15217: There was a NULL pointer dereference
    caused by a malicious USB device in the
    drivers/media/usb/zr364xx/zr364xx.c driver
    (bnc#1146547).

  - CVE-2019-15218: There was a NULL pointer dereference
    caused by a malicious USB device in the
    drivers/media/usb/siano/smsusb.c driver (bnc#1146413).

  - CVE-2019-15219: There was a NULL pointer dereference
    caused by a malicious USB device in the
    drivers/usb/misc/sisusbvga/sisusb.c driver
    (bnc#1146524).

  - CVE-2019-15220: There was a use-after-free caused by a
    malicious USB device in the
    drivers/net/wireless/intersil/p54/p54usb.c driver
    (bnc#1146526).

  - CVE-2019-15221: There was a NULL pointer dereference
    caused by a malicious USB device in the
    sound/usb/line6/pcm.c driver (bnc#1146529).

  - CVE-2019-15222: There was a NULL pointer dereference
    caused by a malicious USB device in the
    sound/usb/helper.c (motu_microbookii) driver
    (bnc#1146531).

  - CVE-2019-15239: In the Linux kernel, a certain
    net/ipv4/tcp_output.c change, which was properly
    incorporated into 4.16.12, was incorrectly backported to
    the earlier longterm kernels, introducing a new
    vulnerability that was potentially more severe than the
    issue that was intended to be fixed by backporting.
    Specifically, by adding to a write queue between
    disconnection and re-connection, a local attacker can
    trigger multiple use-after-free conditions. This can
    result in a kernel crash, or potentially in privilege
    escalation. (bnc#1146589)

  - CVE-2019-15290: There was a NULL pointer dereference
    caused by a malicious USB device in the
    ath6kl_usb_alloc_urb_from_pipe function in the
    drivers/net/wireless/ath/ath6kl/usb.c driver
    (bnc#1146378 bnc#1146543).

  - CVE-2019-15292: There was a use-after-free in
    atalk_proc_exit, related to net/appletalk/atalk_proc.c,
    net/appletalk/ddp.c, and
    net/appletalk/sysctl_net_atalk.c (bnc#1146678).

  - CVE-2019-15538: XFS partially wedges when a chgrp fails
    on account of being out of disk quota.
    xfs_setattr_nonsize is failing to unlock the ILOCK after
    the xfs_qm_vop_chown_reserve call fails. This is
    primarily a local DoS attack vector, but it might result
    as well in remote DoS if the XFS filesystem is exported
    for instance via NFS (bnc#1148093).

  - CVE-2019-15666: There was an out-of-bounds array access
    in __xfrm_policy_unlink, which will cause denial of
    service, because verify_newpolicy_info in
    net/xfrm/xfrm_user.c mishandled directory validation
    (bnc#1148394).

  - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix
    possible spectre-v1 in ptrace_get_debugreg()' commit
    reintroduced the Spectre vulnerability that it aimed to
    eliminate. This occurred because the backport process
    depends on cherry picking specific commits, and because
    two (correctly ordered) code lines were swapped
    (bnc#1149376).

  - CVE-2019-15917: There was a use-after-free issue when
    hci_uart_register_dev() fails in hci_uart_set_proto() in
    drivers/bluetooth/hci_ldisc.c (bnc#1149539).

  - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a
    use-after-free (bnc#1149552).

  - CVE-2019-15920: An issue was discovered in the Linux
    kernel SMB2_read in fs/cifs/smb2pdu.c had a
    use-after-free. NOTE: this was not fixed correctly in
    5.0.10; see the 5.0.11 ChangeLog, which documents a
    memory leak (bnc#1149626).

  - CVE-2019-15921: There was a memory leak issue when
    idr_alloc() fails in genl_register_family() in
    net/netlink/genetlink.c (bnc#1149602).

  - CVE-2019-15924: The fm10k_init_module in
    drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL
    pointer dereference because there is no -ENOMEM upon an
    alloc_workqueue failure (bnc#1149612).

  - CVE-2019-15926: Out of bounds access exists in the
    functions ath6kl_wmi_pstream_timeout_event_rx and
    ath6kl_wmi_cac_event_rx in the file
    drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).

  - CVE-2019-15927: An out-of-bounds access exists in the
    function build_audio_procunit in the file
    sound/usb/mixer.c (bnc#1149522).

  - CVE-2019-9456: In USB monitor driver there is a possible
    OOB write due to a missing bounds check. This could lead
    to local escalation of privilege with System execution
    privileges needed. User interaction is not needed for
    exploitation (bnc#1150025).

The following non-security bugs were fixed :

  - ACPICA: Increase total number of possible Owner IDs
    (bsc#1148859).

  - ACPI: fix false-positive -Wuninitialized warning
    (bsc#1051510).

  - Add missing structs and defines from recent SMB3.1.1
    documentation (bsc#1144333).

  - Add new flag on SMB3.1.1 read (bsc#1144333).

  - address lock imbalance warnings in smbdirect.c
    (bsc#1144333).

  - Add some missing debug fields in server and tcon structs
    (bsc#1144333).

  - add some missing definitions (bsc#1144333).

  - Add some qedf commits to blacklist file (bsc#1149976)

  - Add vers=3.0.2 as a valid option for SMBv3.0.2
    (bsc#1144333).

  - ALSA: firewire: fix a memory leak bug (bsc#1051510).

  - ALSA: hda - Add a generic reboot_notify (bsc#1051510).

  - ALSA: hda - Apply workaround for another AMD chip
    1022:1487 (bsc#1051510).

  - ALSA: hda - Do not override global PCM hw info flag
    (bsc#1051510).

  - ALSA: hda - Fix a memory leak bug (bsc#1051510).

  - ALSA: hda - Fix potential endless loop at applying
    quirks (bsc#1051510).

  - ALSA: hda: kabi workaround for generic parser flag
    (bsc#1051510).

  - ALSA: hda - Let all conexant codec enter D3 when
    rebooting (bsc#1051510).

  - ALSA: hda/realtek - Fix overridden device-specific
    initialization (bsc#1051510).

  - ALSA: hda/realtek - Fix the problem of two front mics on
    a ThinkCentre (bsc#1051510).

  - ALSA: hda - Workaround for crackled sound on AMD
    controller (1022:1457) (bsc#1051510).

  - ALSA: hiface: fix multiple memory leak bugs
    (bsc#1051510).

  - ALSA: line6: Fix memory leak at line6_init_pcm() error
    path (bsc#1051510).

  - ALSA: seq: Fix potential concurrent access to the
    deleted pool (bsc#1051510).

  - ASoC: dapm: Fix handling of custom_stop_condition on
    DAPM graph walks (bsc#1051510).

  - ASoC: Fail card instantiation if DAI format setup fails
    (bsc#1051510).

  - batman-adv: fix uninit-value in
    batadv_netlink_get_ifindex() (bsc#1051510).

  - batman-adv: Only read OGM2 tvlv_len after buffer len
    check (bsc#1051510).

  - batman-adv: Only read OGM tvlv_len after buffer len
    check (bsc#1051510).

  - bcache: fix possible memory leak in bch_cached_dev_run()
    (git fixes).

  - bio: fix improper use of smp_mb__before_atomic() (git
    fixes).

  - blk-mq: backport fixes for
    blk_mq_complete_e_request_sync() (bsc#1145661).

  - blk-mq: Fix spelling in a source code comment (git
    fixes).

  - blk-mq: introduce blk_mq_complete_request_sync()
    (bsc#1145661).

  - blk-wbt: Avoid lock contention and thundering herd issue
    in wbt_wait (bsc#1141543).

  - blk-wbt: Avoid lock contention and thundering herd issue
    in wbt_wait (bsc#1141543).

  - block, documentation: Fix wbt_lat_usec documentation
    (git fixes).

  - Bluetooth: btqca: Add a short delay before downloading
    the NVM (bsc#1051510).

  - bnx2x: Prevent ptp_task to be rescheduled indefinitely
    (networking-stable-19_07_25).

  - bonding: validate ip header before check IPPROTO_IGMP
    (networking-stable-19_07_25).

  - Btrfs: add a helper to retrive extent inline ref type
    (bsc#1149325).

  - btrfs: add cleanup_ref_head_accounting helper
    (bsc#1050911).

  - Btrfs: add missing inode version, ctime and mtime
    updates when punching hole (bsc#1140487).

  - Btrfs: add one more sanity check for shared ref type
    (bsc#1149325).

  - btrfs: clean up pending block groups when transaction
    commit aborts (bsc#1050911).

  - Btrfs: convert to use btrfs_get_extent_inline_ref_type
    (bsc#1149325).

  - Btrfs: do not abort transaction at btrfs_update_root()
    after failure to COW path (bsc#1150933).

  - Btrfs: fix assertion failure during fsync and use of
    stale transaction (bsc#1150562).

  - Btrfs: fix data loss after inode eviction, renaming it,
    and fsync it (bsc#1145941).

  - btrfs: Fix delalloc inodes invalidation during
    transaction abort (bsc#1050911).

  - Btrfs: fix fsync not persisting dentry deletions due to
    inode evictions (bsc#1145942).

  - Btrfs: fix incremental send failure after deduplication
    (bsc#1145940).

  - btrfs: fix pinned underflow after transaction aborted
    (bsc#1050911).

  - Btrfs: fix race between send and deduplication that lead
    to failures and crashes (bsc#1145059).

  - Btrfs: fix race leading to fs corruption after
    transaction abort (bsc#1145937).

  - btrfs: handle delayed ref head accounting cleanup in
    abort (bsc#1050911).

  - Btrfs: prevent send failures and crashes due to
    concurrent relocation (bsc#1145059).

  - Btrfs: remove BUG() in add_data_reference (bsc#1149325).

  - Btrfs: remove BUG() in btrfs_extent_inline_ref_size
    (bsc#1149325).

  - Btrfs: remove BUG() in print_extent_item (bsc#1149325).

  - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).

  - btrfs: Split btrfs_del_delalloc_inode into 2 functions
    (bsc#1050911).

  - btrfs: start readahead also in seed devices
    (bsc#1144886).

  - btrfs: track running balance in a simpler way
    (bsc#1145059).

  - caif-hsi: fix possible deadlock in cfhsi_exit_module()
    (networking-stable-19_07_25).

  - can: m_can: implement errata 'Needless activation of
    MRAF irq' (bsc#1051510).

  - can: mcp251x: add support for mcp25625 (bsc#1051510).

  - can: peak_usb: fix potential double kfree_skb()
    (bsc#1051510).

  - can: peak_usb: force the string buffer NULL-terminated
    (bsc#1051510).

  - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB
    devices (bsc#1051510).

  - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB
    devices (bsc#1051510).

  - can: rcar_canfd: fix possible IRQ storm on high load
    (bsc#1051510).

  - can: sja1000: force the string buffer NULL-terminated
    (bsc#1051510).

  - carl9170: fix misuse of device driver API (bsc#1142635).

  - ceph: always get rstat from auth mds (bsc#1146346).

  - ceph: clean up ceph.dir.pin vxattr name sizeof()
    (bsc#1146346).

  - ceph: decode feature bits in session message
    (bsc#1146346).

  - ceph: do not blindly unregister session that is in
    opening state (bsc#1148133).

  - ceph: do not try fill file_lock on unsuccessful
    GETFILELOCK reply (bsc#1148133).

  - ceph: fix buffer free while holding i_ceph_lock in
    __ceph_build_xattrs_blob() (bsc#1148133).

  - ceph: fix buffer free while holding i_ceph_lock in
    __ceph_setxattr() (bsc#1148133).

  - ceph: fix buffer free while holding i_ceph_lock in
    fill_inode() (bsc#1148133).

  - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133
    bsc#1135219).

  - ceph: fix improper use of smp_mb__before_atomic()
    (bsc#1148133).

  - ceph: hold i_ceph_lock when removing caps for freeing
    inode (bsc#1148133).

  - ceph: remove request from waiting list before unregister
    (bsc#1148133).

  - ceph: silence a checker warning in mdsc_show()
    (bsc#1148133).

  - ceph: support cephfs' own feature bits (bsc#1146346).

  - ceph: support getting ceph.dir.pin vxattr (bsc#1146346).

  - ceph: support versioned reply (bsc#1146346).

  - ceph: use bit flags to define vxattr attributes
    (bsc#1146346).

  - cifs: Accept validate negotiate if server return
    NT_STATUS_NOT_SUPPORTED (bsc#1144333).

  - cifs: add a new SMB2_close_flags function (bsc#1144333).

  - cifs: add a smb2_compound_op and change QUERY_INFO to
    use it (bsc#1144333).

  - cifs: add a timeout argument to wait_for_free_credits
    (bsc#1144333).

  - cifs: add a warning if we try to to dequeue a deleted
    mid (bsc#1144333).

  - cifs: add compound_send_recv() (bsc#1144333).

  - cifs: add credits from unmatched responses/messages
    (bsc#1144333).

  - cifs: add debug output to show nocase mount option
    (bsc#1144333).

  - cifs: Add DFS cache routines (bsc#1144333).

  - cifs: Add direct I/O functions to file_operations
    (bsc#1144333).

  - cifs: add fiemap support (bsc#1144333).

  - cifs: add iface info to struct cifs_ses (bsc#1144333).

  - cifs: add IOCTL for QUERY_INFO passthrough to userspace
    (bsc#1144333).

  - cifs: add lease tracking to the cached root fid
    (bsc#1144333).

  - cifs: Add minor debug message during negprot
    (bsc#1144333).

  - cifs: add missing debug entries for kconfig options
    (bsc#1051510, bsc#1144333).

  - cifs: add missing GCM module dependency (bsc#1144333).

  - cifs: add missing support for ACLs in SMB 3.11
    (bsc#1051510, bsc#1144333).

  - cifs: add ONCE flag for cifs_dbg type (bsc#1144333).

  - cifs: add pdu_size to the TCP_Server_Info structure
    (bsc#1144333).

  - cifs: add resp_buf_size to the mid_q_entry structure
    (bsc#1144333).

  - cifs: address trivial coverity warning (bsc#1144333).

  - cifs: add server argument to the dump_detail method
    (bsc#1144333).

  - cifs: add server->vals->header_preamble_size
    (bsc#1144333).

  - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).

  - cifs: add sha512 secmech (bsc#1051510, bsc#1144333).

  - cifs: Adds information-level logging function
    (bsc#1144333).

  - cifs: add SMB2_close_init()/SMB2_close_free()
    (bsc#1144333).

  - cifs: add SMB2_ioctl_init/free helpers to be used with
    compounding (bsc#1144333).

  - cifs: add SMB2_query_info_[init|free]() (bsc#1144333).

  - cifs: Add smb2_send_recv (bsc#1144333).

  - cifs: add spinlock for the openFileList to cifsInodeInfo
    (bsc#1144333).

  - cifs: add .splice_write (bsc#1144333).

  - cifs: Add support for direct I/O read (bsc#1144333).

  - cifs: Add support for direct I/O write (bsc#1144333).

  - cifs: Add support for direct pages in rdata
    (bsc#1144333).

  - cifs: Add support for direct pages in wdata
    (bsc#1144333).

  - cifs: Add support for failover in cifs_mount()
    (bsc#1144333).

  - cifs: Add support for failover in cifs_reconnect()
    (bsc#1144333).

  - cifs: Add support for failover in cifs_reconnect_tcon()
    (bsc#1144333).

  - cifs: Add support for failover in smb2_reconnect()
    (bsc#1144333).

  - cifs: Add support for FSCTL passthrough that write data
    to the server (bsc#1144333).

  - cifs: add support for ioctl on directories
    (bsc#1144333).

  - cifs: Add support for reading attributes on SMB2+
    (bsc#1051510, bsc#1144333).

  - cifs: add support for SEEK_DATA and SEEK_HOLE
    (bsc#1144333).

  - cifs: Add support for writing attributes on SMB2+
    (bsc#1051510, bsc#1144333).

  - cifs: Adjust MTU credits before reopening a file
    (bsc#1144333).

  - cifs: Allocate memory for all iovs in smb2_ioctl
    (bsc#1144333).

  - cifs: Allocate validate negotiation request through
    kmalloc (bsc#1144333).

  - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).

  - cifs: allow disabling less secure legacy dialects
    (bsc#1144333).

  - cifs: allow guest mounts to work for smb3.11
    (bsc#1051510, bsc#1144333).

  - cifs: always add credits back for unsolicited PDUs
    (bsc#1144333).

  - cifs: Always reset read error to -EIO if no response
    (bsc#1144333).

  - cifs: Always resolve hostname before reconnecting
    (bsc#1051510, bsc#1144333).

  - cifs: a smb2_validate_and_copy_iov failure does not mean
    the handle is invalid (bsc#1144333).

  - cifs: auto disable 'serverino' in dfs mounts
    (bsc#1144333).

  - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for
    the common case (bsc#1144333).

  - cifs: Avoid returning EBUSY to upper layer VFS
    (bsc#1144333).

  - cifs: cache FILE_ALL_INFO for the shared root handle
    (bsc#1144333).

  - cifs: Calculate the correct request length based on page
    offset and tail size (bsc#1144333).

  - cifs: Call MID callback before destroying transport
    (bsc#1144333).

  - cifs: change mkdir to use a compound (bsc#1144333).

  - cifs: change smb2_get_data_area_len to take a
    smb2_sync_hdr as argument (bsc#1144333).

  - cifs: Change SMB2_open to return an iov for the error
    parameter (bsc#1144333).

  - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use
    compounding (bsc#1144333).

  - cifs: change SMB2_OP_SET_EOF to use compounding
    (bsc#1144333).

  - cifs: change SMB2_OP_SET_INFO to use compounding
    (bsc#1144333).

  - cifs: change smb2_query_eas to use the compound
    query-info helper (bsc#1144333).

  - cifs: change unlink to use a compound (bsc#1144333).

  - cifs: change validate_buf to validate_iov (bsc#1144333).

  - cifs: change wait_for_free_request() to take flags as
    argument (bsc#1144333).

  - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse
    existing sb (bsc#1144333).

  - cifs: Check for reconnects before sending async requests
    (bsc#1144333).

  - cifs: Check for reconnects before sending compound
    requests (bsc#1144333).

  - cifs: check for STATUS_USER_SESSION_DELETED
    (bsc#1112902, bsc#1144333).

  - cifs: Check for timeout on Negotiate stage (bsc#1091171,
    bsc#1144333).

  - cifs: check if SMB2 PDU size has been padded and
    suppress the warning (bsc#1144333).

  - cifs: check kmalloc before use (bsc#1051510,
    bsc#1144333).

  - cifs: check kzalloc return (bsc#1144333).

  - cifs: check MaxPathNameComponentLength != 0 before using
    it (bsc#1085536, bsc#1144333).

  - cifs: check ntwrk_buf_start for NULL before
    dereferencing it (bsc#1144333).

  - cifs: check rsp for NULL before dereferencing in
    SMB2_open (bsc#1085536, bsc#1144333).

  - cifs: cifs_read_allocate_pages: do not iterate through
    whole page array on ENOMEM (bsc#1144333).

  - cifs: clean up indentation, replace spaces with tab
    (bsc#1144333).

  - cifs: cleanup smb2ops.c and normalize strings
    (bsc#1144333).

  - cifs: complete PDU definitions for interface queries
    (bsc#1144333).

  - cifs: connect to servername instead of IP for IPC$ share
    (bsc#1051510, bsc#1144333).

  - cifs: Count SMB3 credits for malformed pending responses
    (bsc#1144333).

  - cifs: create a define for how many iovs we need for an
    SMB2_open() (bsc#1144333).

  - cifs: create a define for the max number of iov we need
    for a SMB2 set_info (bsc#1144333).

  - cifs: create a helper function for compound query_info
    (bsc#1144333).

  - cifs: create helpers for SMB2_set_info_init/free()
    (bsc#1144333).

  - cifs: create SMB2_open_init()/SMB2_open_free() helpers
    (bsc#1144333).

  - cifs: Display SMB2 error codes in the hex format
    (bsc#1144333).

  - cifs: document tcon/ses/server refcount dance
    (bsc#1144333).

  - cifs: do not allow creating sockets except with SMB1
    posix exensions (bsc#1102097, bsc#1144333).

  - cifs: Do not assume one credit for async responses
    (bsc#1144333).

  - cifs: do not attempt cifs operation on smb2+ rename
    error (bsc#1144333).

  - cifs: Do not consider -ENODATA as stat failure for reads
    (bsc#1144333).

  - cifs: Do not count -ENODATA as failure for query
    directory (bsc#1051510, bsc#1144333).

  - cifs: do not dereference smb_file_target before null
    check (bsc#1051510, bsc#1144333).

  - cifs: Do not hide EINTR after sending network packets
    (bsc#1051510, bsc#1144333).

  - cifs: Do not log credits when unmounting a share
    (bsc#1144333).

  - cifs: do not log STATUS_NOT_FOUND errors for DFS
    (bsc#1051510, bsc#1144333).

  - cifs: Do not match port on SMBDirect transport
    (bsc#1144333).

  - cifs: Do not modify mid entry after submitting I/O in
    cifs_call_async (bsc#1051510, bsc#1144333).

  - cifs: Do not reconnect TCP session in add_credits()
    (bsc#1051510, bsc#1144333).

  - cifs: Do not reset lease state to NONE on lease break
    (bsc#1051510, bsc#1144333).

  - cifs: do not return atime less than mtime (bsc#1144333).

  - cifs: do not send invalid input buffer on QUERY_INFO
    requests (bsc#1144333).

  - cifs: Do not set credits to 1 if the server didn't grant
    anything (bsc#1144333).

  - cifs: do not show domain= in mount output when domain is
    empty (bsc#1144333).

  - cifs: Do not skip SMB2 message IDs on send failures
    (bsc#1144333).

  - cifs: do not use __constant_cpu_to_le32() (bsc#1144333).

  - cifs: dump every session iface info (bsc#1144333).

  - cifs: dump IPC tcon in debug proc file (bsc#1071306,
    bsc#1144333).

  - cifs: fallback to older infolevels on findfirst
    queryinfo retry (bsc#1144333).

  - cifs: Find and reopen a file before get MTU credits in
    writepages (bsc#1144333).

  - cifs: fix a buffer leak in smb2_query_symlink
    (bsc#1144333).

  - cifs: fix a credits leak for compund commands
    (bsc#1144333).

  - cifs: Fix a debug message (bsc#1144333).

  - cifs: Fix adjustment of credits for MTU requests
    (bsc#1051510, bsc#1144333).

  - cifs: Fix an issue with re-sending rdata when transport
    returning -EAGAIN (bsc#1144333).

  - cifs: Fix an issue with re-sending wdata when transport
    returning -EAGAIN (bsc#1144333).

  - cifs: Fix a race condition with cifs_echo_request
    (bsc#1144333).

  - cifs: Fix a tiny potential memory leak (bsc#1144333).

  - cifs: Fix autonegotiate security settings mismatch
    (bsc#1087092, bsc#1144333).

  - cifs: fix bi-directional fsctl passthrough calls
    (bsc#1144333).

  - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled
    (bsc#1144333).

  - cifs: fix build errors for SMB_DIRECT (bsc#1144333).

  - cifs: Fix check for matching with existing mount
    (bsc#1144333).

  - cifs: fix circular locking dependency (bsc#1064701,
    bsc#1144333).

  - cifs: fix computation for MAX_SMB2_HDR_SIZE
    (bsc#1144333).

  - cifs: fix confusing warning message on reconnect
    (bsc#1144333).

  - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).

  - cifs: fix crash in
    smb2_compound_op()/smb2_set_next_command()
    (bsc#1144333).

  - cifs: fix crash querying symlinks stored as
    reparse-points (bsc#1144333).

  - cifs: Fix credit calculation for encrypted reads with
    errors (bsc#1051510, bsc#1144333).

  - cifs: Fix credit calculations in compound mid callback
    (bsc#1144333).

  - cifs: Fix credit computation for compounded requests
    (bsc#1144333).

  - cifs: Fix credits calculation for cancelled requests
    (bsc#1144333).

  - cifs: Fix credits calculations for reads with errors
    (bsc#1051510, bsc#1144333).

  - cifs: fix credits leak for SMB1 oplock breaks
    (bsc#1144333).

  - cifs: fix deadlock in cached root handling
    (bsc#1144333).

  - cifs: Fix DFS cache refresher for DFS links
    (bsc#1144333).

  - cifs: fix encryption in SMB3.1.1 (bsc#1144333).

  - cifs: Fix encryption/signing (bsc#1144333).

  - cifs: Fix error mapping for SMB2_LOCK command which
    caused OFD lock problem (bsc#1051510, bsc#1144333).

  - cifs: Fix error paths in writeback code (bsc#1144333).

  - cifs: fix GlobalMid_Lock bug in cifs_reconnect
    (bsc#1144333).

  - cifs: fix handle leak in smb2_query_symlink()
    (bsc#1144333).

  - cifs: fix incorrect handling of smb2_set_sparse() return
    in smb3_simple_falloc (bsc#1144333).

  - cifs: Fix infinite loop when using hard mount option
    (bsc#1091171, bsc#1144333).

  - cifs: Fix invalid check in __cifs_calc_signature()
    (bsc#1144333).

  - cifs: Fix kernel oops when traceSMB is enabled
    (bsc#1144333).

  - cifs: fix kref underflow in close_shroot()
    (bsc#1144333).

  - cifs: Fix leaking locked VFS cache pages in writeback
    retry (bsc#1144333).

  - cifs: Fix lease buffer length error (bsc#1144333).

  - cifs: fix memory leak and remove dead code
    (bsc#1144333).

  - cifs: fix memory leak in SMB2_open() (bsc#1112894,
    bsc#1144333).

  - cifs: fix memory leak in SMB2_read (bsc#1144333).

  - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510,
    bsc#1144333).

  - cifs: fix memory leak of an allocated cifs_ntsd
    structure (bsc#1144333).

  - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl
    case (bsc#1144333).

  - cifs: Fix missing put_xid in cifs_file_strict_mmap
    (bsc#1087092, bsc#1144333).

  - cifs: Fix module dependency (bsc#1144333).

  - cifs: Fix mounts if the client is low on credits
    (bsc#1144333).

  - cifs: fix NULL deref in SMB2_read (bsc#1085539,
    bsc#1144333).

  - cifs: Fix NULL pointer dereference of devname
    (bnc#1129519).

  - cifs: Fix NULL pointer deref on SMB2_tcon() failure
    (bsc#1071009, bsc#1144333).

  - cifs: Fix NULL ptr deref (bsc#1144333).

  - cifs: fix page reference leak with readv/writev
    (bsc#1144333).

  - cifs: fix panic in smb2_reconnect (bsc#1144333).

  - cifs: fix parsing of symbolic link error response
    (bsc#1144333).

  - cifs: fix POSIX lock leak and invalid ptr deref
    (bsc#1114542, bsc#1144333).

  - cifs: Fix possible hang during async MTU reads and
    writes (bsc#1051510, bsc#1144333).

  - cifs: Fix possible oops and memory leaks in async IO
    (bsc#1144333).

  - cifs: Fix potential OOB access of lock element array
    (bsc#1051510, bsc#1144333).

  - cifs: Fix read after write for files with read caching
    (bsc#1051510, bsc#1144333).

  - cifs: fix return value for cifs_listxattr (bsc#1051510,
    bsc#1144333).

  - cifs: fix rmmod regression in cifs.ko caused by
    force_sig changes (bsc#1144333).

  - cifs: Fix separator when building path from dentry
    (bsc#1051510, bsc#1144333).

  - cifs: fix sha512 check in cifs_crypto_secmech_release
    (bsc#1051510, bsc#1144333).

  - cifs: fix signed/unsigned mismatch on aio_read patch
    (bsc#1144333).

  - cifs: Fix signing for SMB2/3 (bsc#1144333).

  - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
    ACE setting (bsc#1144333).

  - cifs: Fix slab-out-of-bounds when tracing SMB tcon
    (bsc#1144333).

  - cifs: fix SMB1 breakage (bsc#1144333).

  - cifs: fix smb3_zero_range for Azure (bsc#1144333).

  - cifs: fix smb3_zero_range so it can expand the file-size
    when required (bsc#1144333).

  - cifs: fix sparse warning on previous patch in a few
    printks (bsc#1144333).

  - cifs: fix spelling mistake, EACCESS -> EACCES
    (bsc#1144333).

  - cifs: Fix stack out-of-bounds in
    smb(2,3)_create_lease_buf() (bsc#1051510, bsc#1144333).

  - cifs: fix strcat buffer overflow and reduce raciness in
    smb21_set_oplock_level() (bsc#1144333).

  - cifs: Fix to use kmem_cache_free() instead of kfree()
    (bsc#1144333).

  - cifs: Fix trace command logging for SMB2 reads and
    writes (bsc#1144333).

  - cifs: fix typo in cifs_dbg (bsc#1144333).

  - cifs: fix typo in debug message with struct field
    ia_valid (bsc#1144333).

  - cifs: fix uninitialized ptr deref in smb2 signing
    (bsc#1144333).

  - cifs: Fix use-after-free in SMB2_read (bsc#1144333).

  - cifs: Fix use-after-free in SMB2_write (bsc#1144333).

  - cifs: Fix use after free of a mid_q_entry (bsc#1112903,
    bsc#1144333).

  - cifs: fix use-after-free of the lease keys
    (bsc#1144333).

  - cifs: Fix validation of signed data in smb2
    (bsc#1144333).

  - cifs: Fix validation of signed data in smb3+
    (bsc#1144333).

  - cifs: fix wrapping bugs in num_entries() (bsc#1051510,
    bsc#1144333).

  - cifs: flush before set-info if we have writeable handles
    (bsc#1144333).

  - cifs: For SMB2 security informaion query, check for
    minimum sized security descriptor instead of sizeof
    FileAllInformation class (bsc#1051510, bsc#1144333).

  - cifs: handle large EA requests more gracefully in smb2+
    (bsc#1144333).

  - cifs: handle netapp error codes (bsc#1136261).

  - cifs: hide unused functions (bsc#1051510, bsc#1144333).

  - cifs: hide unused functions (bsc#1051510, bsc#1144333).

  - cifs: implement v3.11 preauth integrity (bsc#1051510,
    bsc#1144333).

  - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on
    legacy (insecure cifs) (bsc#1144333).

  - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510,
    bsc#1144333).

  - cifs: Introduce helper function to get page offset and
    length in smb_rqst (bsc#1144333).

  - cifs: Introduce offset for the 1st page in data transfer
    structures (bsc#1144333).

  - cifs: invalidate cache when we truncate a file
    (bsc#1051510, bsc#1144333).

  - cifs: keep FileInfo handle live during oplock break
    (bsc#1106284, bsc#1131565, bsc#1144333).

  - cifs: limit amount of data we request for xattrs to
    CIFSMaxBufSize (bsc#1144333).

  - cifs: Limit memory used by lock request calls to a page
    (bsc#1144333).

  - cifs_lookup(): cifs_get_inode_...() never returns 0 with
    *inode left NULL (bsc#1144333).

  - cifs_lookup(): switch to d_splice_alias() (bsc#1144333).

  - cifs: make arrays static const, reduces object code size
    (bsc#1144333).

  - cifs: Make devname param optional in
    cifs_compose_mount_options() (bsc#1144333).

  - cifs: make IPC a regular tcon (bsc#1071306,
    bsc#1144333).

  - cifs: make minor clarifications to module params for
    cifs.ko (bsc#1144333).

  - cifs: make mknod() an smb_version_op (bsc#1144333).

  - cifs: make 'nodfs' mount opt a superblock flag
    (bsc#1051510, bsc#1144333).

  - cifs: make rmdir() use compounding (bsc#1144333).

  - cifs: make smb_send_rqst take an array of requests
    (bsc#1144333).

  - cifs: Make sure all data pages are signed correctly
    (bsc#1144333).

  - cifs: Make use of DFS cache to get new DFS referrals
    (bsc#1144333).

  - cifs: Mask off signals when sending SMB packets
    (bsc#1144333).

  - cifs: minor clarification in comments (bsc#1144333).

  - cifs: Minor Kconfig clarification (bsc#1144333).

  - cifs: minor updates to module description for cifs.ko
    (bsc#1144333).

  - cifs: Move credit processing to mid callbacks for SMB3
    (bsc#1144333).

  - cifs: move default port definitions to cifsglob.h
    (bsc#1144333).

  - cifs: move large array from stack to heap (bsc#1144333).

  - cifs: Move open file handling to writepages
    (bsc#1144333).

  - cifs: Move unlocking pages from wdata_send_pages()
    (bsc#1144333).

  - cifs: OFD locks do not conflict with eachothers
    (bsc#1051510, bsc#1144333).

  - cifs: Only free DFS target list if we actually got one
    (bsc#1144333).

  - cifs: Only send SMB2_NEGOTIATE command on new TCP
    connections (bsc#1144333).

  - cifs: only wake the thread for the very last PDU in a
    compound (bsc#1144333).

  - cifs: parse and store info on iface queries
    (bsc#1144333).

  - cifs: pass flags down into wait_for_free_credits()
    (bsc#1144333).

  - cifs: Pass page offset for calculating signature
    (bsc#1144333).

  - cifs: Pass page offset for encrypting (bsc#1144333).

  - cifs: pass page offsets on SMB1 read/write
    (bsc#1144333).

  - cifs: prevent integer overflow in nxt_dir_entry()
    (bsc#1051510, bsc#1144333).

  - cifs: prevent starvation in wait_for_free_credits for
    multi-credit requests (bsc#1144333).

  - cifs: print CIFSMaxBufSize as part of
    /proc/fs/cifs/DebugData (bsc#1144333).

  - cifs: Print message when attempting a mount
    (bsc#1144333).

  - cifs: Properly handle auto disabling of serverino option
    (bsc#1144333).

  - cifs: protect against server returning invalid file
    system block size (bsc#1144333).

  - cifs: prototype declaration and definition for smb 2 - 3
    and cifsacl mount options (bsc#1051510, bsc#1144333).

  - cifs: prototype declaration and definition to set acl
    for smb 2 - 3 and cifsacl mount options (bsc#1051510,
    bsc#1144333).

  - cifs: push rfc1002 generation down the stack
    (bsc#1144333).

  - cifs: read overflow in is_valid_oplock_break()
    (bsc#1144333).

  - cifs: Reconnect expired SMB sessions (bnc#1060662).

  - cifs: refactor and clean up arguments in the reparse
    point parsing (bsc#1144333).

  - cifs: refactor crypto shash/sdesc allocation&free
    (bsc#1051510, bsc#1144333).

  - cifs: Refactor out cifs_mount() (bsc#1144333).

  - cifs: release auth_key.response for reconnect
    (bsc#1085536, bsc#1144333).

  - cifs: release cifs root_cred after exit_cifs
    (bsc#1085536, bsc#1144333).

  - cifs: remove coverity warning in calc_lanman_hash
    (bsc#1144333).

  - cifs: Remove custom credit adjustments for SMB2 async IO
    (bsc#1144333).

  - cifs: remove header_preamble_size where it is always 0
    (bsc#1144333).

  - cifs: remove redundant duplicated assignment of pointer
    'node' (bsc#1144333).

  - cifs: remove rfc1002 hardcoded constants from
    cifs_discard_remaining_data() (bsc#1144333).

  - cifs: remove rfc1002 header from all SMB2 response
    structures (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_close_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_create_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_echo_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_flush_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_ioctl_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_lease_ack
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_lock_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_logoff_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_negotiate_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_oplock_break we
    get from server (bsc#1144333).

  - cifs: remove rfc1002 header from
    smb2_query_directory_req (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_query_info_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2 read/write
    requests (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_sess_setup_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_set_info_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from smb2_tree_connect_req
    (bsc#1144333).

  - cifs: remove rfc1002 header from
    smb2_tree_disconnect_req (bsc#1144333).

  - cifs: remove set but not used variable 'cifs_sb'
    (bsc#1144333).

  - cifs: remove set but not used variable 'sep'
    (bsc#1144333).

  - cifs: remove set but not used variable 'server'
    (bsc#1144333).

  - cifs: remove set but not used variable 'smb_buf'
    (bsc#1144333).

  - cifs: remove small_smb2_init (bsc#1144333).

  - cifs: remove smb2_send_recv() (bsc#1144333).

  - cifs: remove struct smb2_hdr (bsc#1144333).

  - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).

  - cifs: remove the is_falloc argument to SMB2_set_eof
    (bsc#1144333).

  - cifs: remove unused stats (bsc#1144333).

  - cifs: remove unused value pointed out by Coverity
    (bsc#1144333).

  - cifs: remove unused variable from SMB2_read
    (bsc#1144333).

  - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP
    (bsc#1144333).

  - cifs: Reopen file before get SMB2 MTU credits for async
    IO (bsc#1144333).

  - cifs: replace a 4 with
    server->vals->header_preamble_size (bsc#1144333).

  - cifs: replace snprintf with scnprintf (bsc#1144333).

  - cifs: Respect reconnect in MTU credits calculations
    (bsc#1144333).

  - cifs: Respect reconnect in non-MTU credits calculations
    (bsc#1144333).

  - cifs: Respect SMB2 hdr preamble size in read responses
    (bsc#1144333).

  - cifs: return correct errors when pinning memory failed
    for direct I/O (bsc#1144333).

  - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).

  - cifs: return -ENODATA when deleting an xattr that does
    not exist (bsc#1144333).

  - cifs: Return error code when getting file handle for
    writeback (bsc#1144333).

  - cifs: return error on invalid value written to cifsFYI
    (bsc#1144333).

  - cifs: Save TTL value when parsing DFS referrals
    (bsc#1144333).

  - cifs: Select all required crypto modules (bsc#1085536,
    bsc#1144333).

  - cifs: set mapping error when page writeback fails in
    writepage or launder_pages (bsc#1144333).

  - cifs: set oparms.create_options rather than or'ing in
    CREATE_OPEN_BACKUP_INTENT (bsc#1144333).

  - cifs: Set reconnect instance to one initially
    (bsc#1144333).

  - cifs: set *resp_buf_type to NO_BUFFER on error
    (bsc#1144333).

  - cifs: Show locallease in /proc/mounts for cifs shares
    mounted with locallease feature (bsc#1144333).

  - cifs: show 'soft' in the mount options for hard mounts
    (bsc#1144333).

  - cifs: show the w bit for writeable /proc/fs/cifs/* files
    (bsc#1144333).

  - cifs: silence compiler warnings showing up with
    gcc-8.0.0 (bsc#1090734, bsc#1144333).

  - cifs: Silence uninitialized variable warning
    (bsc#1144333).

  - cifs: simple stats should always be enabled
    (bsc#1144333).

  - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef
    (bsc#1144333). - Update config files.

  - cifs: simplify how we handle credits in
    compound_send_recv() (bsc#1144333).

  - cifs: Skip any trailing backslashes from UNC
    (bsc#1144333).

  - cifs: smb2 commands can not be negative, remove
    confusing check (bsc#1144333).

  - cifs: smb2ops: Fix listxattr() when there are no EAs
    (bsc#1051510, bsc#1144333).

  - cifs: smb2ops: Fix NULL check in smb2_query_symlink
    (bsc#1144333).

  - cifs: smb2pdu: Fix potential NULL pointer dereference
    (bsc#1144333).

  - cifs: SMBD: Add parameter rdata to smb2_new_read_req
    (bsc#1144333).

  - cifs: SMBD: Add rdma mount option (bsc#1144333).

  - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).

  - cifs: SMBD: Add SMB Direct protocol initial values and
    constants (bsc#1144333).

  - cifs: smbd: Avoid allocating iov on the stack
    (bsc#1144333).

  - cifs: smbd: avoid reconnect lockup (bsc#1144333).

  - cifs: smbd: Check for iov length on sending the last iov
    (bsc#1144333).

  - cifs: smbd: depend on INFINIBAND_ADDR_TRANS
    (bsc#1144333).

  - cifs: SMBD: Disable signing on SMB direct transport
    (bsc#1144333).

  - cifs: smbd: disconnect transport on RDMA errors
    (bsc#1144333).

  - cifs: SMBD: Do not call ib_dereg_mr on invalidated
    memory registration (bsc#1144333).

  - cifs: smbd: Do not destroy transport on RDMA disconnect
    (bsc#1144333).

  - cifs: smbd: Do not use RDMA read/write when signing is
    used (bsc#1144333).

  - cifs: smbd: Dump SMB packet when configured
    (bsc#1144333).

  - cifs: smbd: Enable signing with smbdirect (bsc#1144333).

  - cifs: SMBD: Establish SMB Direct connection
    (bsc#1144333).

  - cifs: SMBD: export protocol initial values
    (bsc#1144333).

  - cifs: SMBD: fix spelling mistake: faield and legnth
    (bsc#1144333).

  - cifs: SMBD: Fix the definition for
    SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).

  - cifs: SMBD: Implement function to create a SMB Direct
    connection (bsc#1144333).

  - cifs: SMBD: Implement function to destroy a SMB Direct
    connection (bsc#1144333).

  - cifs: SMBD: Implement function to receive data via RDMA
    receive (bsc#1144333).

  - cifs: SMBD: Implement function to reconnect to a SMB
    Direct transport (bsc#1144333).

  - cifs: SMBD: Implement function to send data via RDMA
    send (bsc#1144333).

  - cifs: SMBD: Implement RDMA memory registration
    (bsc#1144333).

  - cifs: smbd: Indicate to retry on transport sending
    failure (bsc#1144333).

  - cifs: SMBD: Read correct returned data length for RDMA
    write (SMB read) I/O (bsc#1144333).

  - cifs: smbd: Retry on memory registration failure
    (bsc#1144333).

  - cifs: smbd: Return EINTR when interrupted (bsc#1144333).

  - cifs: SMBD: Set SMB Direct maximum read or write size
    for I/O (bsc#1144333).

  - cifs: SMBD: _smbd_get_connection() can be static
    (bsc#1144333).

  - cifs: SMBD: Support page offset in memory registration
    (bsc#1144333).

  - cifs: SMBD: Support page offset in RDMA recv
    (bsc#1144333).

  - cifs: SMBD: Support page offset in RDMA send
    (bsc#1144333).

  - cifs: smbd: take an array of reqeusts when sending upper
    layer data (bsc#1144333).

  - cifs: SMBD: Upper layer connects to SMBDirect session
    (bsc#1144333).

  - cifs: SMBD: Upper layer destroys SMB Direct session on
    shutdown or umount (bsc#1144333).

  - cifs: SMBD: Upper layer performs SMB read via RDMA write
    through memory registration (bsc#1144333).

  - cifs: SMBD: Upper layer performs SMB write via RDMA read
    through memory registration (bsc#1144333).

  - cifs: SMBD: Upper layer receives data via RDMA receive
    (bsc#1144333).

  - cifs: SMBD: Upper layer reconnects to SMB Direct session
    (bsc#1144333).

  - cifs: SMBD: Upper layer sends data via RDMA send
    (bsc#1144333).

  - cifs:smbd Use the correct DMA direction when sending
    data (bsc#1144333).

  - cifs:smbd When reconnecting to server, call
    smbd_destroy() after all MIDs have been called
    (bsc#1144333).

  - cifs: SMBD: work around gcc -Wmaybe-uninitialized
    warning (bsc#1144333).

  - cifs: start DFS cache refresher in cifs_mount()
    (bsc#1144333).

  - cifs: store the leaseKey in the fid on SMB2_open
    (bsc#1051510, bsc#1144333).

  - cifs: suppress some implicit-fallthrough warnings
    (bsc#1144333).

  - cifs: track writepages in vfs operation counters
    (bsc#1144333).

  - cifs: Try to acquire credits at once for compound
    requests (bsc#1144333).

  - cifs: update calc_size to take a server argument
    (bsc#1144333).

  - cifs: update init_sg, crypt_message to take an array of
    rqst (bsc#1144333).

  - cifs: update internal module number (bsc#1144333).

  - cifs: update internal module version number
    (bsc#1144333).

  - cifs: update internal module version number
    (bsc#1144333).

  - cifs: update internal module version number
    (bsc#1144333).

  - cifs: update internal module version number
    (bsc#1144333).

  - cifs: update internal module version number
    (bsc#1144333).

  - cifs: update internal module version number for cifs.ko
    to 2.12 (bsc#1144333).

  - cifs: update internal module version number for cifs.ko
    to 2.12 (bsc#1144333).

  - cifs: update internal module version number for cifs.ko
    to 2.14 (bsc#1144333).

  - cifs: update module internal version number
    (bsc#1144333).

  - cifs: update multiplex loop to handle compounded
    responses (bsc#1144333).

  - cifs: update receive_encrypted_standard to handle
    compounded responses (bsc#1144333).

  - cifs: update smb2_calc_size to use smb2_sync_hdr instead
    of smb2_hdr (bsc#1144333).

  - cifs: update smb2_check_message to handle PDUs without a
    4 byte length header (bsc#1144333).

  - cifs: update smb2_queryfs() to use compounding
    (bsc#1144333).

  - cifs: update __smb_send_rqst() to take an array of
    requests (bsc#1144333).

  - cifs: use a compound for setting an xattr (bsc#1144333).

  - cifs: use a refcount to protect open/closing the cached
    file handle (bsc#1144333).

  - cifs: use correct format characters (bsc#1144333).

  - cifs: Use correct packet length in SMB2_TRANSFORM header
    (bsc#1144333).

  - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount()
    (bsc#1144333).

  - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).

  - cifs: Use kmemdup rather than duplicating its
    implementation in smb311_posix_mkdir() (bsc#1144333).

  - cifs: Use kzfree() to free password (bsc#1144333).

  - cifs: Use offset when reading pages (bsc#1144333).

  - cifs: Use smb 2 - 3 and cifsacl mount options getacl
    functions (bsc#1051510, bsc#1144333).

  - cifs: Use smb 2 - 3 and cifsacl mount options setacl
    function (bsc#1051510, bsc#1144333).

  - cifs: use tcon_ipc instead of use_ipc parameter of
    SMB2_ioctl (bsc#1071306, bsc#1144333).

  - cifs: use the correct length when pinning memory for
    direct I/O for write (bsc#1144333).

  - cifs: Use ULL suffix for 64-bit constant (bsc#1051510,
    bsc#1144333).

  - cifs: wait_for_free_credits() make it possible to wait
    for >=1 credits (bsc#1144333).

  - cifs: we can not use small padding iovs together with
    encryption (bsc#1144333).

  - cifs: When sending data on socket, pass the correct page
    offset (bsc#1144333).

  - cifs: zero-range does not require the file is sparse
    (bsc#1144333).

  - cifs: zero sensitive data when freeing (bsc#1087092,
    bsc#1144333).

  - Cleanup some minor endian issues in smb3 rdma
    (bsc#1144333).

  - clk: add clk_bulk_get accessories (bsc#1144813).

  - clk: bcm2835: remove pllb (jsc#SLE-7294).

  - clk: bcm283x: add driver interfacing with Raspberry Pi's
    firmware (jsc#SLE-7294).

  - clk: bulk: silently error out on EPROBE_DEFER
    (bsc#1144718,bsc#1144813).

  - clk: Export clk_bulk_prepare() (bsc#1144813).

  - clk: raspberrypi: register platform device for
    raspberrypi-cpufreq (jsc#SLE-7294).

  - clk: renesas: cpg-mssr: Fix reset control race condition
    (bsc#1051510).

  - clk: rockchip: Add 1.6GHz PLL rate for rk3399
    (bsc#1144718,bsc#1144813).

  - clk: rockchip: assign correct id for pclk_ddr and
    hclk_sd in rk3399 (bsc#1144718,bsc#1144813).

  - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
    (bsc#1051510).

  - coredump: split pipe command whitespace before expanding
    template (bsc#1051510).

  - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).

  - cpufreq: dt: Try freeing static OPPs only if we have
    added them (jsc#SLE-7294).

  - cpu/speculation: Warn on unsupported mitigations=
    parameter (bsc#1114279).

  - crypto: ccp - Add support for valid authsize values less
    than 16 (bsc#1051510).

  - crypto: ccp - Fix oops by properly managing allocated
    structures (bsc#1051510).

  - crypto: ccp - Ignore tag length when decrypting GCM
    ciphertext (bsc#1051510).

  - crypto: ccp - Ignore unconfigured CCP device on
    suspend/resume (bnc#1145934).

  - crypto: ccp - Validate buffer lengths for copy
    operations (bsc#1051510).

  - cx82310_eth: fix a memory leak bug (bsc#1051510).

  - devres: always use dev_name() in devm_ioremap_resource()
    (git fixes).

  - dfs_cache: fix a wrong use of kfree in flush_cache_ent()
    (bsc#1144333).

  - dmaengine: rcar-dmac: Reject zero-length slave DMA
    requests (bsc#1051510).

  - dm btree: fix order of block initialization in
    btree_split_beneath (git fixes).

  - dm bufio: fix deadlock with loop device (git fixes).

  - dm cache metadata: Fix loading discard bitset (git
    fixes).

  - dm crypt: do not overallocate the integrity tag space
    (git fixes).

  - dm crypt: fix parsing of extended IV arguments (git
    fixes).

  - dm delay: fix a crash when invalid device is specified
    (git fixes).

  - dm: fix to_sector() for 32bit (git fixes).

  - dm integrity: change memcmp to strncmp in
    dm_integrity_ctr (git fixes).

  - dm integrity: limit the rate of error messages (git
    fixes).

  - dm kcopyd: always complete failed jobs (git fixes).

  - dm log writes: make sure super sector log updates are
    written in order (git fixes).

  - dm raid: add missing cleanup in raid_ctr() (git fixes).

  - dm: revert 8f50e358153d ('dm: limit the max bio size as
    BIO_MAX_PAGES * PAGE_SIZE') (git fixes).

  - dm space map metadata: fix missing store of apply_bops()
    return value (git fixes).

  - dm table: fix invalid memory accesses with too high
    sector number (git fixes).

  - dm table: propagate BDI_CAP_STABLE_WRITES to fix
    sporadic checksum errors (git fixes).

  - dm thin: fix bug where bio that overwrites thin block
    ignores FUA (git fixes).

  - dm thin: fix passdown_double_checking_shared_status()
    (git fixes).

  - dm zoned: fix potential NULL dereference in
    dmz_do_reclaim() (git fixes).

  - dm zoned: Fix zone report handling (git fixes).

  - dm zoned: fix zone state management race (git fixes).

  - dm zoned: improve error handling in i/o map code (git
    fixes).

  - dm zoned: improve error handling in reclaim (git fixes).

  - dm zoned: properly handle backing device failure (git
    fixes).

  - dm zoned: Silence a static checker warning (git fixes).

  - Do not log confusing message on reconnect by default
    (bsc#1129664, bsc#1144333).

  - Do not log expected error on DFS referral request
    (bsc#1051510, bsc#1144333).

  - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS
    ioctl (bsc#1051510).

  - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate
    some strings (bsc#1051510).

  - drm/amdgpu/psp: move psp version specific function
    pointers to (bsc#1135642)

  - drm/etnaviv: add missing failure path to destroy
    suballoc (bsc#1135642)

  - drm/i915: Do not deballoon unused ggtt drm_mm_node in
    linux guest (bsc#1142635)

  - drm/i915: Fix wrong escape clock divisor init for GLK
    (bsc#1142635)

  - drm/i915/perf: ensure we keep a reference on the driver
    (bsc#1142635)

  - drm/i915: Restore relaxed padding
    (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)

  - drm/i915/userptr: Acquire the page lock around
    set_page_dirty() (bsc#1051510).

  - drm/imx: notify drm core before sending event during
    crtc disable (bsc#1135642)

  - drm/imx: only send event on crtc disable if kept
    disabled (bsc#1135642)

  - drm/mediatek: call drm_atomic_helper_shutdown() when
    unbinding driver (bsc#1135642)

  - drm/mediatek: call mtk_dsi_stop() after
    mtk_drm_crtc_atomic_disable() (bsc#1135642)

  - drm/mediatek: clear num_pipes when unbind driver
    (bsc#1135642)

  - drm/mediatek: fix unbind functions (bsc#1135642)

  - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before
    goto (bsc#1142635)

  - drm/mediatek: unbind components in mtk_drm_unbind()
    (bsc#1135642)

  - drm/mediatek: use correct device to import PRIME buffers
    (bsc#1142635)

  - drm: msm: Fix add_gpu_components (bsc#1051510).

  - drm/msm/mdp5: Fix mdp5_cfg_init error return
    (bsc#1142635)

  - drm/nouveau: Do not retry infinitely when receiving no
    data on i2c (bsc#1142635)

  - drm/nouveau: fix memory leak in nouveau_conn_reset()
    (bsc#1051510).

  - drm/rockchip: Suspend DP late (bsc#1142635)

  - drm: silence variable 'conn' set but not used
    (bsc#1051510).

  - drm/udl: introduce a macro to convert dev to udl.
    (bsc#1113722)

  - drm/udl: move to embedding drm device inside udl device.
    (bsc#1113722)

  - drm/vmwgfx: fix a warning due to missing dma_parms
    (bsc#1135642)

  - drm/vmwgfx: fix memory leak when too many retries have
    occurred (bsc#1051510).

  - drm/vmwgfx: Use the backdoor port if the HB port is not
    available (bsc#1135642)

  - Drop an ASoC fix that was reverted in 4.14.y stable

  - ehea: Fix a copy-paste err in ehea_init_port_res
    (bsc#1051510).

  - ext4: use jbd2_inode dirty range scoping (bsc#1148616).

  - firmware: raspberrypi: register clk device
    (jsc#SLE-7294).

  - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935
    allow write on the same file (bsc#1144333).

  - Fix encryption labels and lengths for SMB3.1.1
    (bsc#1085536, bsc#1144333).

  - fix incorrect error code mapping for OBJECTID_NOT_FOUND
    (bsc#1144333).

  - Fix kABI after KVM fixes

  - Fix match_server check to allow for auto dialect
    negotiate (bsc#1144333).

  - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536,
    bsc#1144333).

  - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
    (bsc#1051510, bsc#1144333).

  - fix struct ufs_req removal of unused field (git-fixes).

  - Fix warning messages when mounting to older servers
    (bsc#1144333).

  - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).

  - fs: cifs: cifsssmb: Change return type of
    convert_ace_to_cifs_ace (bsc#1144333).

  - fs/cifs: do not translate SFM_SLASH (U+F026) to
    backslash (bsc#1144333).

  - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL)
    (bsc#1144333).

  - fs/cifs: fix uninitialised variable warnings
    (bsc#1144333).

  - fs: cifs: Kconfig: pedantic formatting (bsc#1144333).

  - fs: cifs: Replace _free_xid call in cifs_root_iget
    function (bsc#1144333).

  - fs/cifs: require sha512 (bsc#1051510, bsc#1144333).

  - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls
    (bsc#1144333).

  - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free
    (bsc#1144333).

  - fs/cifs: suppress a string overflow warning
    (bsc#1144333).

  - fs/*/Kconfig: drop links to 404-compliant
    http://acl.bestbits.at (bsc#1144333).

  - fsl/fman: Use GFP_ATOMIC in
    (memac,tgec)_add_hash_mac_address() (bsc#1051510).

  - fs/xfs: Fix return code of xfs_break_leased_layouts()
    (bsc#1148031).

  - fs: xfs: xfs_log: Do not use KM_MAYFAIL at
    xfs_log_reserve() (bsc#1148033).

  - ftrace: Check for empty hash and comment the race with
    registering probes (bsc#1149418).

  - ftrace: Check for successful allocation of hash
    (bsc#1149424).

  - ftrace: Fix NULL pointer dereference in t_probe_next()
    (bsc#1149413).

  - gpio: Fix build error of function redefinition
    (bsc#1051510).

  - gpio: gpio-omap: add check for off wake capable gpios
    (bsc#1051510).

  - gpiolib: fix incorrect IRQ requesting of an active-low
    lineevent (bsc#1051510).

  - gpiolib: never report open-drain/source lines as 'input'
    to user-space (bsc#1051510).

  - gpio: mxs: Get rid of external API call (bsc#1051510).

  - gpio: pxa: handle corner case of unprobed device
    (bsc#1051510).

  - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
    (bsc#1142635)

  - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
    (bsc#1051510).

  - HID: Add quirk for HP X1200 PIXART OEM mouse
    (bsc#1051510).

  - HID: cp2112: prevent sleeping function called from
    invalid context (bsc#1051510).

  - HID: hiddev: avoid opening a disconnected device
    (bsc#1051510).

  - HID: hiddev: do cleanup in failure of opening a device
    (bsc#1051510).

  - HID: holtek: test for sanity of intfdata (bsc#1051510).

  - HID: sony: Fix race condition between rumble and device
    remove (bsc#1051510).

  - HID: wacom: Correct distance scale for 2nd-gen Intuos
    devices (bsc#1142635).

  - HID: wacom: correct misreported EKR ring values
    (bsc#1142635).

  - HID: wacom: fix bit shift for Cintiq Companion 2
    (bsc#1051510).

  - hwmon: (nct7802) Fix wrong detection of in4 presence
    (bsc#1051510).

  - i2c: emev2: avoid race when unregistering slave client
    (bsc#1051510).

  - i2c: piix4: Fix port selection for AMD Family 16h Model
    30h (bsc#1051510).

  - i2c: qup: fixed releasing dma without flush operation
    completion (bsc#1051510).

  - IB/mlx5: Fix MR registration flow to use UMR properly
    (bsc#1093205 bsc#1145678).

  - ibmveth: Convert multicast list size for little-endian
    system (bsc#1061843).

  - ibmvnic: Do not process reset during or after device
    removal (bsc#1149652 ltc#179635).

  - ibmvnic: Unmap DMA address of TX descriptor buffers
    after use (bsc#1146351 ltc#180726).

  - igmp: fix memory leak in igmpv3_del_delrec()
    (networking-stable-19_07_25).

  - iio: adc: max9611: Fix misuse of GENMASK macro
    (bsc#1051510).

  - iio: adc: max9611: Fix temperature reading in probe
    (bsc#1051510).

  - Improve security, move default dialect to SMB3 from old
    CIFS (bsc#1051510, bsc#1144333).

  - include/linux/bitops.h: sanitize rotate primitives (git
    fixes).

  - Input: iforce - add sanity checks (bsc#1051510).

  - Input: kbtab - sanity check for endpoint type
    (bsc#1051510).

  - Input: synaptics - enable RMI mode for HP Spectre X360
    (bsc#1051510).

  - intel_th: pci: Add support for another Lewisburg PCH
    (bsc#1051510).

  - intel_th: pci: Add Tiger Lake support (bsc#1051510).

  - iommu/amd: Add support for X2APIC IOMMU interrupts
    (bsc#1145010).

  - iommu/amd: Fix race in increase_address_space()
    (bsc#1150860).

  - iommu/amd: Flush old domains in kdump kernel
    (bsc#1150861).

  - iommu/amd: Move iommu_init_pci() to .init section
    (bsc#1149105).

  - iommu/dma: Handle SG length overflow better
    (bsc#1146084).

  - ipip: validate header length in ipip_tunnel_xmit
    (git-fixes).

  - ipv4: do not set IPv6 only flags to IPv4 addresses
    (networking-stable-19_07_25).

  - irqchip/gic-v3-its: fix build warnings (bsc#1144880).

  - ISDN: hfcsusb: checking idx of ep configuration
    (bsc#1051510).

  - isdn: hfcsusb: Fix mISDN driver crash caused by transfer
    buffer on the stack (bsc#1051510).

  - isdn: mISDN: hfcsusb: Fix possible NULL pointer
    dereferences in start_isoc_chain() (bsc#1051510).

  - iwlwifi: dbg: split iwl_fw_error_dump to two functions
    (bsc#1119086).

  - iwlwifi: do not unmap as page memory that was mapped as
    single (bsc#1051510).

  - iwlwifi: fix bad dma handling in page_mem dumping flow
    (bsc#1120902).

  - iwlwifi: fw: use helper to determine whether to dump
    paging (bsc#1106434). Patch needed to be adjusted,
    because our tree does not have the global variable
    IWL_FW_ERROR_DUMP_PAGING

  - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version
    < 41 (bsc#1142635).

  - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).

  - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT
    support (bsc#1142635).

  - iwlwifi: pcie: do not service an interrupt that was
    masked (bsc#1142635).

  - iwlwifi: pcie: fix ALIVE interrupt handling for gen2
    devices w/o MSI-X (bsc#1142635).

  - jbd2: flush_descriptor(): Do not decrease buffer head's
    ref count (bsc#1143843).

  - jbd2: introduce jbd2_inode dirty range scoping
    (bsc#1148616).

  - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).

  - kasan: remove redundant initialization of variable
    'real_size' (git fixes).

  - kconfig/[mn]conf: handle backspace (^H) key
    (bsc#1051510).

  - keys: Fix missing NULL pointer check in
    request_key_auth_describe() (bsc#1051510).

  - KVM: Fix leak vCPU's VMCS value into other pCPU
    (bsc#1145388).

  - KVM: LAPIC: Fix pending interrupt in IRR blocked by
    software disable LAPIC (bsc#1145408).

  - KVM: nVMX: allow setting the VMFUNC controls MSR
    (bsc#1145389).

  - KVM: nVMX: do not use dangling shadow VMCS after guest
    reset (bsc#1145390).

  - kvm: nVMX: Remove unnecessary sync_roots from
    handle_invept (bsc#1145391).

  - KVM: nVMX: Use adjusted pin controls for vmcs02
    (bsc#1145392).

  - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
    (bsc#1061840).

  - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT
    with bad value (bsc#1145393).

  - KVM: VMX: check CPUID before allowing read/write of
    IA32_XSS (bsc#1145394).

  - KVM: VMX: Fix handling of #MC that occurs during
    VM-Entry (bsc#1145395).

  - KVM: x86: degrade WARN to pr_warn_ratelimited
    (bsc#1145409).

  - KVM: x86: Do not update RIP or do single-step on
    faulting emulation (bsc#1149104).

  - KVM: x86: fix backward migration with async_PF
    (bsc#1146074).

  - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array
    emulated_msrs (bsc#1134881 bsc#1134882).

  - KVM: X86: Reduce the overhead when lapic_timer_advance
    is disabled (bsc#1149083).

  - KVM: x86: Unconditionally enable irqs in guest context
    (bsc#1145396).

  - KVM: x86/vPMU: refine kvm_pmu err msg when event
    creation failed (bsc#1145397).

  - lan78xx: Fix memory leaks (bsc#1051510).

  - libata: add SG safety checks in SFF pio transfers
    (bsc#1051510).

  - libata: have ata_scsi_rw_xlat() fail invalid passthrough
    requests (bsc#1051510).

  - libceph: allow ceph_buffer_put() to receive a NULL
    ceph_buffer (bsc#1148133).

  - libceph: fix PG split vs OSD (re)connect race
    (bsc#1148133).

  - libnvdimm/pfn: Store correct value of npfns in namespace
    superblock (bsc#1146381 ltc#180720).

  - liquidio: add cleanup in octeon_setup_iq()
    (bsc#1051510).

  - loop: set PF_MEMALLOC_NOIO for the worker thread (git
    fixes).

  - mac80211: do not warn about CW params when not using
    them (bsc#1051510).

  - mac80211: do not WARN on short WMM parameters from AP
    (bsc#1051510).

  - mac80211: fix possible memory leak in
    ieee80211_assign_beacon (bsc#1142635).

  - mac80211: fix possible sta leak (bsc#1051510).

  - md: add mddev->pers to avoid potential NULL pointer
    dereference (git fixes).

  - md/raid: raid5 preserve the writeback action after the
    parity check (git fixes).

  - media: au0828: fix null dereference in error path
    (bsc#1051510).

  - media: pvrusb2: use a different format for warnings
    (bsc#1051510).

  - mfd: arizona: Fix undefined behavior (bsc#1051510).

  - mfd: core: Set fwnode for created devices (bsc#1051510).

  - mfd: hi655x-pmic: Fix missing return value check for
    devm_regmap_init_mmio_clk (bsc#1051510).

  - mfd: intel-lpss: Add Intel Comet Lake PCI IDs
    (jsc#SLE-4875).

  - mm: add filemap_fdatawait_range_keep_errors()
    (bsc#1148616).

  - mmc: cavium: Add the missing dma unmap when the dma has
    finished (bsc#1051510).

  - mmc: cavium: Set the correct dma max segment size for
    mmc_host (bsc#1051510).

  - mmc: core: Fix init of SD cards reporting an invalid VDD
    range (bsc#1051510).

  - mmc: dw_mmc: Fix occasional hang after tuning on eMMC
    (bsc#1051510).

  - mmc: sdhci-of-at91: add quirk for broken HS200
    (bsc#1051510).

  - mmc: sdhci-pci: Add support for Intel CML
    (jsc#SLE-4875).

  - mmc: sdhci-pci: Add support for Intel ICP
    (jsc#SLE-4875).

  - mm: do not stall register_shrinker() (bsc#1104902, VM
    Performance).

  - mm/hmm: fix bad subpage pointer in try_to_unmap_one
    (bsc#1148202, HMM, VM Functionality).

  - mm/hotplug: fix offline undo_isolate_page_range()
    (bsc#1148196, VM Functionality).

  - mm/list_lru.c: fix memory leak in
    __memcg_init_list_lru_node (bsc#1148379, VM
    Functionality).

  - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
    (bsc#1149224, VM Functionality).

  - mm/memory.c: recheck page table entry with page table
    lock held (bsc#1148363, VM Functionality).

  - mm/migrate.c: initialize pud_entry in migrate_vma()
    (bsc#1148198, HMM, VM Functionality).

  - mm/mlock.c: change count_mm_mlocked_page_nr return type
    (bsc#1148527, VM Functionality).

  - mm/mlock.c: mlockall error for flag MCL_ONFAULT
    (bsc#1148527, VM Functionality).

  - mm/page_alloc.c: fix calculation of pgdat->nr_zones
    (bsc#1148192, VM Functionality).

  - mm: page_mapped: do not assume compound page is huge or
    THP (bsc#1148574, VM Functionality).

  - mm, page_owner: handle THP splits correctly
    (bsc#1149197, VM Debugging Functionality).

  - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
    (bsc#1118689).

  - mm/vmscan.c: fix trying to reclaim unevictable LRU page
    (bsc#1149214, VM Functionality).

  - move a few externs to smbdirect.h to eliminate warning
    (bsc#1144333).

  - mpls: fix warning with multi-label encap (bsc#1051510).

  - nbd: replace kill_bdev() with __invalidate_device()
    again (git fixes).

  - Negotiate and save preferred compression algorithms
    (bsc#1144333).

  - net: bcmgenet: use promisc for unsupported filters
    (networking-stable-19_07_25).

  - net: bridge: mcast: fix stale ipv6 hdr pointer when
    handling v6 query (networking-stable-19_07_25).

  - net: bridge: mcast: fix stale nsrcs pointer in
    igmp3/mld2 report handling (networking-stable-19_07_25).

  - net: bridge: stp: do not cache eth dest pointer before
    skb pull (networking-stable-19_07_25).

  - net: dsa: mv88e6xxx: wait after reset deactivation
    (networking-stable-19_07_25).

  - net: ena: add ethtool function for changing io queue
    sizes (bsc#1139020 bsc#1139021).

  - net: ena: add good checksum counter (bsc#1139020
    bsc#1139021).

  - net: ena: add handling of llq max tx burst size
    (bsc#1139020 bsc#1139021).

  - net: ena: add MAX_QUEUES_EXT get feature admin command
    (bsc#1139020 bsc#1139021).

  - net: ena: add newline at the end of pr_err prints
    (bsc#1139020 bsc#1139021).

  - net: ena: add support for changing max_header_size in
    LLQ mode (bsc#1139020 bsc#1139021).

  - net: ena: allow automatic fallback to polling mode
    (bsc#1139020 bsc#1139021).

  - net: ena: allow queue allocation backoff when low on
    memory (bsc#1139020 bsc#1139021).

  - net: ena: arrange ena_probe() function variables in
    reverse christmas tree (bsc#1139020 bsc#1139021).

  - net: ena: enable negotiating larger Rx ring size
    (bsc#1139020 bsc#1139021).

  - net: ena: ethtool: add extra properties retrieval via
    get_priv_flags (bsc#1139020 bsc#1139021).

  - net: ena: Fix bug where ring allocation backoff stopped
    too late (bsc#1139020 bsc#1139021).

  - net: ena: fix ena_com_fill_hash_function()
    implementation (bsc#1139020 bsc#1139021).

  - net: ena: fix: Free napi resources when ena_up() fails
    (bsc#1139020 bsc#1139021).

  - net: ena: fix incorrect test of supported hash function
    (bsc#1139020 bsc#1139021).

  - net: ena: fix: set freed objects to NULL to avoid
    failing future allocations (bsc#1139020 bsc#1139021).

  - net: ena: fix swapped parameters when calling
    ena_com_indirect_table_fill_entry (bsc#1139020
    bsc#1139021).

  - net: ena: gcc 8: fix compilation warning (bsc#1139020
    bsc#1139021).

  - net: ena: improve latency by disabling adaptive
    interrupt moderation by default (bsc#1139020
    bsc#1139021).

  - net: ena: make ethtool show correct current and max
    queue sizes (bsc#1139020 bsc#1139021).

  - net: ena: optimise calculations for CQ doorbell
    (bsc#1139020 bsc#1139021).

  - net: ena: remove inline keyword from functions in *.c
    (bsc#1139020 bsc#1139021).

  - net: ena: replace free_tx/rx_ids union with single
    free_ids field in ena_ring (bsc#1139020 bsc#1139021).

  - net: ena: update driver version from 2.0.3 to 2.1.0
    (bsc#1139020 bsc#1139021).

  - net: ena: use dev_info_once instead of static variable
    (bsc#1139020 bsc#1139021).

  - net: Fix netdev_WARN_ONCE macro (git-fixes).

  - net/ibmvnic: Fix missing ( in __ibmvnic_reset
    (bsc#1149652 ltc#179635).

  - net/ibmvnic: free reset work of removed device from
    queue (bsc#1149652 ltc#179635).

  - net: Introduce netdev_*_once functions
    (networking-stable-19_07_25).

  - net: make skb_dst_force return true when dst is
    refcounted (networking-stable-19_07_25).

  - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw
    command (bsc#1145678).

  - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
    (networking-stable-19_07_25).

  - net: neigh: fix multiple neigh timer scheduling
    (networking-stable-19_07_25).

  - net: openvswitch: fix csum updates for MPLS actions
    (networking-stable-19_07_25).

  - netrom: fix a memory leak in nr_rx_frame()
    (networking-stable-19_07_25).

  - netrom: hold sock when setting skb->destructor
    (networking-stable-19_07_25).

  - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
    (networking-stable-19_07_25).

  - net: sched: verify that q!=NULL before setting q->flags
    (git-fixes).

  - net: usb: pegasus: fix improper read if get_registers()
    fail (bsc#1051510).

  - NFS: Cleanup if nfs_match_client is interrupted
    (bsc#1134291).

  - NFS: Fix a double unlock from nfs_match,get_client
    (bsc#1134291).

  - NFS: Fix the inode request accounting when pages have
    subrequests (bsc#1140012).

  - NFS: make nfs_match_client killable (bsc#1134291).

  - nilfs2: do not use unexported
    cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).

  - nvme: cancel request synchronously (bsc#1145661).

  - nvme: change locking for the per-subsystem controller
    list (bsc#1142541).

  - nvme-core: Fix extra device_put() call on error path
    (bsc#1142541).

  - nvme-fc: fix module unloads while lports still pending
    (bsc#1150033).

  - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
    (bsc#1146938).

  - nvme-multipath: fix ana log nsid lookup when nsid is not
    found (bsc#1141554).

  - nvme-multipath: relax ANA state check (bsc#1123105).

  - nvme-multipath: revalidate nvme_ns_head gendisk in
    nvme_validate_ns (bsc#1120876).

  - nvme: Return BLK_STS_TARGET if the DNR bit is set
    (bsc#1142076).

  - objtool: Add rewind_stack_do_exit() to the noreturn list
    (bsc#1145302).

  - objtool: Support GCC 9 cold subfunction naming scheme
    (bsc#1145300).

  - octeon_mgmt: Fix MIX registers configuration on MTU
    setup (bsc#1051510).

  - PCI: PM/ACPI: Refresh all stale power state data in
    pci_pm_complete() (bsc#1149106).

  - PCI: Restore Resizable BAR size bits correctly for 1MB
    BARs (bsc#1143841).

  - phy: qcom-qusb2: Fix crash if nvmem cell not specified
    (bsc#1051510).

  - phy: renesas: rcar-gen2: Fix memory leak at error paths
    (bsc#1051510).

  - PM / devfreq: rk3399_dmc: do not print error when get
    supply and clk defer (bsc#1144718,bsc#1144813).

  - PM / devfreq: rk3399_dmc: fix spelling mistakes
    (bsc#1144718,bsc#1144813).

  - PM / devfreq: rk3399_dmc: Pass ODT and auto power down
    parameters to TF-A (bsc#1144718,bsc#1144813).

  - PM / devfreq: rk3399_dmc: remove unneeded semicolon
    (bsc#1144718,bsc#1144813).

  - PM / devfreq: rk3399_dmc: remove wait for dcf irq event
    (bsc#1144718,bsc#1144813).

  - PM / devfreq: rockchip-dfi: Move GRF definitions to a
    common place (bsc#1144718,bsc#1144813).

  - PM / OPP: OF: Use pr_debug() instead of pr_err() while
    adding OPP table (jsc#SLE-7294).

  - powerpc/64s: Include cpu header (bsc#1065729).

  - powerpc/64s: support nospectre_v2 cmdline option
    (bsc#1131107).

  - powerpc: Allow flush_(inval_)dcache_range to work across
    ranges >4GB (bsc#1146575 ltc#180764).

  - powerpc/book3s/64: check for NULL pointer in pgd_alloc()
    (bsc#1078248, git-fixes).

  - powerpc: dump kernel log before carrying out fadump or
    kdump (bsc#1149940 ltc#179958).

  - powerpc/fadump: Do not allow hot-remove memory from
    fadump reserved area (bsc#1120937).

  - powerpc/fadump: Reservationless firmware assisted dump
    (bsc#1120937).

  - powerpc/fadump: Throw proper error message on fadump
    registration failure (bsc#1120937).

  - powerpc/fadump: use kstrtoint to handle sysfs store
    (bsc#1146376).

  - powerpc/fadump: when fadump is supported register the
    fadump sysfs files (bsc#1146352).

  - powerpc/fsl: Add nospectre_v2 command line argument
    (bsc#1131107).

  - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).

  - powerpc/lib: Fix feature fixup test of external branch
    (bsc#1065729).

  - powerpc/mm: Handle page table allocation failures
    (bsc#1065729).

  - powerpc/perf: Add constraints for power9 l2/l3 bus
    events (bsc#1056686).

  - powerpc/perf: Add mem access events to sysfs
    (bsc#1124370).

  - powerpc/perf: Cleanup cache_sel bits comment
    (bsc#1056686).

  - powerpc/perf: Fix thresholding counter data for unknown
    type (bsc#1056686).

  - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event
    list (bsc#1047238, bsc#1056686).

  - powerpc/perf: Update perf_regs structure to include SIER
    (bsc#1056686).

  - powerpc/powernv: Flush console before platform error
    reboot (bsc#1149940 ltc#179958).

  - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of
    numbers in interrupt handler (bsc#1065729).

  - powerpc/powernv: Return for invalid IMC domain
    (bsc1054914, git-fixes).

  - powerpc/powernv: Use kernel crash path for machine
    checks (bsc#1149940 ltc#179958).

  - powerpc/pseries: add missing cpumask.h include file
    (bsc#1065729).

  - powerpc/pseries: correctly track irq state in default
    idle (bsc#1150727 ltc#178925).

  - powerpc/pseries, ps3: panic flush kernel messages before
    halting system (bsc#1149940 ltc#179958).

  - powerpc/rtas: use device model APIs and serialization
    during LPM (bsc#1144123 ltc#178840).

  - powerpc/security: Show powerpc_security_features in
    debugfs (bsc#1131107).

  - powerpc/xive: Fix dump of XIVE interrupt under pseries
    (bsc#1142019).

  - powerpc/xive: Fix loop exit-condition in
    xive_find_target_in_mask() (bsc#1085030, bsc#1145189,
    LTC#179762).

  - powerpc/xmon: Add a dump of all XIVE interrupts
    (bsc#1142019).

  - powerpc/xmon: Check for HV mode when dumping XIVE info
    from OPAL (bsc#1142019).

  - qede: fix write to free'd pointer error and double free
    of ptp (bsc#1051510).

  - regulator: qcom_spmi: Fix math of
    spmi_regulator_set_voltage_time_sel (bsc#1051510).

  - Remove ifdef since SMB3 (and later) now STRONGLY
    preferred (bsc#1051510, bsc#1144333).

  - Revert 'Bluetooth: validate BLE connection interval
    updates' (bsc#1051510).

  - Revert 'cfg80211: fix processing world regdomain when
    non modular' (bsc#1051510).

  - Revert 'dm bufio: fix deadlock with loop device' (git
    fixes).

  - Revert i915 userptr page lock patch (bsc#1145051) 

  - Revert 'net: ena: ethtool: add extra properties
    retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).

  - Revert
    patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thun
    dering-herd-is.patch (bsc#1141543) 

  - rpm/kernel-binary.spec.in: Enable missing modules check.

  - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).

  - rpmsg: smd: do not use mananged resources for endpoints
    and channels (bsc#1051510).

  - rpmsg: smd: fix memory leak on channel create
    (bsc#1051510).

  - rsi: improve kernel thread handling to fix kernel panic
    (bsc#1051510).

  - rslib: Fix decoding of shortened codes (bsc#1051510).

  - rslib: Fix handling of of caller provided syndrome
    (bsc#1051510).

  - rtc: pcf8523: do not return invalid date when battery is
    low (bsc#1051510).

  - rxrpc: Fix send on a connected, but unbound socket
    (networking-stable-19_07_25).

  - s390/cio: fix ccw_device_start_timeout API (bsc#1142109
    LTC#179339).

  - s390/dasd: fix endless loop after read unit address
    configuration (bsc#1144912 LTC#179907).

  - s390/qeth: avoid control IO completion stalls
    (bsc#1142109 LTC#179339).

  - s390/qeth: cancel cmd on early error (bsc#1142109
    LTC#179339).

  - s390/qeth: fix request-side race during cmd IO timeout
    (bsc#1142109 LTC#179339).

  - s390/qeth: release cmd buffer in error paths
    (bsc#1142109 LTC#179339).

  - s390/qeth: simplify reply object handling (bsc#1142109
    LTC#179339).

  - samples, bpf: fix to change the buffer size for read()
    (bsc#1051510).

  - samples: mei: use /dev/mei0 instead of /dev/mei
    (bsc#1051510).

  - sched/fair: Do not free p->numa_faults with concurrent
    readers (bsc#1144920).

  - sched/fair: Use RCU accessors consistently for
    ->numa_group (bsc#1144920).

  - scripts/checkstack.pl: Fix arm64 wrong or unknown
    architecture (bsc#1051510).

  - scripts/decode_stacktrace: only strip base path when a
    prefix of the path (bsc#1051510).

  - scripts/decode_stacktrace.sh: prefix addr2line with
    $CROSS_COMPILE (bsc#1051510).

  - scripts/gdb: fix lx-version string output (bsc#1051510).

  - scripts/git_sort/git_sort.py :

  - scsi: aacraid: Fix missing break in switch statement
    (git-fixes).

  - scsi: aacraid: Fix performance issue on logical drives
    (git-fixes).

  - scsi: aic94xx: fix an error code in aic94xx_init()
    (git-fixes).

  - scsi: aic94xx: fix module loading (git-fixes).

  - scsi: bfa: convert to strlcpy/strlcat (git-fixes).

  - scsi: bnx2fc: fix incorrect cast to u64 on shift
    operation (git-fixes).

  - scsi: bnx2fc: Fix NULL dereference in error handling
    (git-fixes).

  - scsi: core: Fix race on creating sense cache
    (git-fixes).

  - scsi: core: set result when the command cannot be
    dispatched (git-fixes).

  - scsi: core: Synchronize request queue PM status only on
    successful resume (git-fixes).

  - scsi: cxlflash: Mark expected switch fall-throughs
    (bsc#1148868).

  - scsi: cxlflash: Prevent deadlock when adapter probe
    fails (git-fixes).

  - scsi: esp_scsi: Track residual for PIO transfers
    (git-fixes) Also, mitigate kABI changes.

  - scsi: fas216: fix sense buffer initialization
    (git-fixes).

  - scsi: isci: initialize shost fully before calling
    scsi_add_host() (git-fixes).

  - scsi: libfc: fix NULL pointer dereference on a null
    lport (git-fixes).

  - scsi: libsas: delete sas port if expander discover
    failed (git-fixes).

  - scsi: libsas: Fix rphy phy_identifier for PHYs with end
    devices attached (git-fixes).

  - scsi: mac_scsi: Fix pseudo DMA implementation, take 2
    (git-fixes).

  - scsi: mac_scsi: Increase PIO/PDMA transfer length
    threshold (git-fixes).

  - scsi: megaraid: fix out-of-bound array accesses
    (git-fixes).

  - scsi: megaraid_sas: Fix calculation of target ID
    (git-fixes).

  - scsi: NCR5380: Always re-enable reselection interrupt
    (git-fixes).

  - scsi: qedf: Add debug information for unsolicited
    processing (bsc#1149976).

  - scsi: qedf: Add shutdown callback handler (bsc#1149976).

  - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).

  - scsi: qedf: Check both the FCF and fabric ID before
    servicing clear virtual link (bsc#1149976).

  - scsi: qedf: Check for link state before processing LL2
    packets and send fipvlan retries (bsc#1149976).

  - scsi: qedf: Check for module unloading bit before
    processing link update AEN (bsc#1149976).

  - scsi: qedf: Decrease the LL2 MTU size to 2500
    (bsc#1149976).

  - scsi: qedf: Fix race betwen fipvlan request and response
    path (bsc#1149976).

  - scsi: qedf: Initiator fails to re-login to switch after
    link down (bsc#1149976).

  - scsi: qedf: Print message during bailout conditions
    (bsc#1149976).

  - scsi: qedf: remove memset/memcpy to nfunc and use func
    instead (git-fixes).

  - scsi: qedf: remove set but not used variables
    (bsc#1149976).

  - scsi: qedf: Stop sending fipvlan request on unload
    (bsc#1149976).

  - scsi: qedf: Update module description string
    (bsc#1149976).

  - scsi: qedf: Update the driver version to 8.37.25.20
    (bsc#1149976).

  - scsi: qedf: Update the version to 8.42.3.0
    (bsc#1149976).

  - scsi: qedf: Use discovery list to traverse rports
    (bsc#1149976).

  - scsi: qedi: remove declaration of nvm_image from stack
    (git-fixes).

  - scsi: qla2xxx: Add cleanup for PCI EEH recovery
    (bsc#1129424).

  - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts
    memory (git-fixes).

  - scsi: qla2xxx: Fix a format specifier (git-fixes).

  - scsi: qla2xxx: Fix an endian bug in
    fcpcmd_is_corrupted() (git-fixes).

  - scsi: qla2xxx: Fix device staying in blocked state
    (git-fixes).

  - scsi: qla2xxx: Fix error handling in
    qlt_alloc_qfull_cmd() (git-fixes).

  - scsi: qla2xxx: Unregister chrdev if module
    initialization fails (git-fixes).

  - scsi: qla2xxx: Update two source code comments
    (git-fixes).

  - scsi: qla4xxx: avoid freeing unallocated dma memory
    (git-fixes).

  - scsi: raid_attrs: fix unused variable warning
    (git-fixes).

  - scsi: scsi_dh_alua: Fix possible null-ptr-deref
    (git-fixes).

  - scsi: sd: Defer spinning up drive while SANITIZE is in
    progress (git-fixes).

  - scsi: sd: Fix a race between closing an sd device and sd
    I/O (git-fixes).

  - scsi: sd: Fix cache_type_store() (git-fixes).

  - scsi: sd: Optimal I/O size should be a multiple of
    physical block size (git-fixes).

  - scsi: sd: Quiesce warning if device does not report
    optimal I/O size (git-fixes).

  - scsi: sd: use mempool for discard special page
    (git-fixes).

  - scsi: sd_zbc: Fix potential memory leak (git-fixes).

  - scsi: smartpqi: unlock on error in
    pqi_submit_raid_request_synchronous() (git-fixes).

  - scsi: sr: Avoid that opening a CD-ROM hangs with runtime
    power management enabled (git-fixes).

  - scsi: ufs: Avoid runtime suspend possibly being blocked
    forever (git-fixes).

  - scsi: ufs: Check that space was properly alloced in
    copy_query_response (git-fixes).

  - scsi: ufs: Fix NULL pointer dereference in
    ufshcd_config_vreg_hpm() (git-fixes).

  - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
    (git-fixes).

  - scsi: ufs: fix wrong command type of UTRD for UFSHCI
    v2.1 (git-fixes).

  - scsi: use dma_get_cache_alignment() as minimum DMA
    alignment (git-fixes).

  - scsi: virtio_scsi: do not send sc payload with tmfs
    (git-fixes).

  - signal/cifs: Fix cifs_put_tcp_session to call send_sig
    instead of force_sig (bsc#1144333).

  - sis900: fix TX completion (bsc#1051510).

  - smb2: fix missing files in root share directory listing
    (bsc#1112907, bsc#1144333).

  - smb2: fix typo in definition of a few error flags
    (bsc#1144333).

  - smb2: fix uninitialized variable bug in
    smb2_ioctl_query_info (bsc#1144333).

  - smb3.1.1: Add GCM crypto to the encrypt and decrypt
    functions (bsc#1144333).

  - smb3.1.1 dialect is no longer experimental (bsc#1051510,
    bsc#1144333).

  - smb311: Fix reconnect (bsc#1051510, bsc#1144333).

  - smb311: Improve checking of negotiate security contexts
    (bsc#1051510, bsc#1144333).

  - smb3.11: replace a 4 with
    server->vals->header_preamble_size (bsc#1144333).

  - smb3: add additional ftrace entry points for entry/exit
    to cifs.ko (bsc#1144333).

  - smb3: add credits we receive from oplock/break PDUs
    (bsc#1144333).

  - smb3: add debug for unexpected mid cancellation
    (bsc#1144333).

  - smb3: Add debug message later in smb2/smb3 reconnect
    path (bsc#1144333).

  - smb3: add define for id for posix create context and
    corresponding struct (bsc#1144333).

  - smb3: Add defines for new negotiate contexts
    (bsc#1144333).

  - smb3: add dynamic trace point for query_info_enter/done
    (bsc#1144333).

  - smb3: add dynamic trace point for smb3_cmd_enter
    (bsc#1144333).

  - smb3: add dynamic tracepoint for timeout waiting for
    credits (bsc#1144333).

  - smb3: add dynamic tracepoints for simple fallocate and
    zero range (bsc#1144333).

  - smb3: Add dynamic trace points for various compounded
    smb3 ops (bsc#1144333).

  - smb3: Add ftrace tracepoints for improved SMB3 debugging
    (bsc#1144333).

  - smb3: Add handling for different FSCTL access flags
    (bsc#1144333).

  - smb3: add missing read completion trace point
    (bsc#1144333).

  - smb3: add module alias for smb3 to cifs.ko
    (bsc#1144333).

  - smb3: add new mount option to retrieve mode from special
    ACE (bsc#1144333).

  - smb3: Add posix create context for smb3.11 posix mounts
    (bsc#1144333).

  - smb3: Add protocol structs for change notify support
    (bsc#1144333).

  - smb3: add reconnect tracepoints (bsc#1144333).

  - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms
    (bsc#1144333).

  - smb3: add smb3.1.1 to default dialect list
    (bsc#1144333).

  - smb3: Add support for multidialect negotiate (SMB2.1 and
    later) (bsc#1051510, bsc#1144333).

  - smb3: add support for posix negotiate context
    (bsc#1144333).

  - smb3: add support for statfs for smb3.1.1 posix
    extensions (bsc#1144333).

  - smb3: add tracepoint for sending lease break responses
    to server (bsc#1144333).

  - smb3: add tracepoint for session expired or deleted
    (bsc#1144333).

  - smb3: add tracepoint for slow responses (bsc#1144333).

  - smb3: add trace point for tree connection (bsc#1144333).

  - smb3: add tracepoints for query dir (bsc#1144333).

  - smb3: Add tracepoints for read, write and query_dir
    enter (bsc#1144333).

  - smb3: add tracepoints for smb2/smb3 open (bsc#1144333).

  - smb3: add tracepoint to catch cases where credit refund
    of failed op overlaps reconnect (bsc#1144333).

  - smb3: add way to control slow response threshold for
    logging and stats (bsc#1144333).

  - smb3: allow more detailed protocol info on open files
    for debugging (bsc#1144333).

  - smb3: Allow persistent handle timeout to be configurable
    on mount (bsc#1144333).

  - smb3: allow posix mount option to enable new SMB311
    protocol extensions (bsc#1144333).

  - smb3: allow previous versions to be mounted with
    snapshot= mount parm (bsc#1144333).

  - smb3: Allow query of symlinks stored as reparse points
    (bsc#1144333).

  - smb3: Allow SMB3 FSCTL queries to be sent to server from
    tools (bsc#1144333).

  - smb3: allow stats which track session and share
    reconnects to be reset (bsc#1051510, bsc#1144333).

  - smb3: Backup intent flag missing for directory opens
    with backupuid mounts (bsc#1051510, bsc#1144333).

  - smb3: Backup intent flag missing from compounded ops
    (bsc#1144333).

  - smb3: check for and properly advertise directory lease
    support (bsc#1051510, bsc#1144333).

  - smb3 clean up debug output displaying network interfaces
    (bsc#1144333).

  - smb3: Cleanup license mess (bsc#1144333).

  - smb3: Clean up query symlink when reparse point
    (bsc#1144333).

  - smb3: create smb3 equivalent alias for cifs
    pseudo-xattrs (bsc#1144333).

  - smb3: directory sync should not return an error
    (bsc#1051510, bsc#1144333).

  - smb3: display bytes_read and bytes_written in smb3 stats
    (bsc#1144333).

  - smb3: display security information in
    /proc/fs/cifs/DebugData more accurately (bsc#1144333).

  - smb3: display session id in debug data (bsc#1144333).

  - smb3: display stats counters for number of slow commands
    (bsc#1144333).

  - smb3: display volume serial number for shares in
    /proc/fs/cifs/DebugData (bsc#1144333).

  - smb3: do not allow insecure cifs mounts when using smb3
    (bsc#1144333).

  - smb3: do not attempt cifs operation in smb3 query info
    error path (bsc#1051510, bsc#1144333).

  - smb3: do not display confusing message on mount to Azure
    servers (bsc#1144333).

  - smb3: do not display empty interface list (bsc#1144333).

  - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags
    (bsc#1085536, bsc#1144333).

  - smb3: do not request leases in symlink creation and
    query (bsc#1051510, bsc#1144333).

  - smb3: do not send compression info by default
    (bsc#1144333).

  - smb3: Do not send SMB3 SET_INFO if nothing changed
    (bsc#1051510, bsc#1144333).

  - smb3: enumerating snapshots was leaving part of the data
    off end (bsc#1051510, bsc#1144333).

  - smb3: fill in statfs fsid and correct namelen
    (bsc#1112905, bsc#1144333).

  - smb3: Fix 3.11 encryption to Windows and handle
    encrypted smb3 tcon (bsc#1051510, bsc#1144333).

  - smb3: fix bytes_read statistics (bsc#1144333).

  - smb3: fix corrupt path in subdirs on smb311 with posix
    (bsc#1144333).

  - smb3: Fix deadlock in validate negotiate hits reconnect
    (bsc#1144333).

  - smb3: Fix endian warning (bsc#1144333, bsc#1137884).

  - smb3: Fix enumerating snapshots to Azure (bsc#1144333).

  - smb3: fix large reads on encrypted connections
    (bsc#1144333).

  - smb3: fix lease break problem introduced by compounding
    (bsc#1144333).

  - smb3: Fix length checking of SMB3.11 negotiate request
    (bsc#1051510, bsc#1144333).

  - smb3: fix minor debug output for CONFIG_CIFS_STATS
    (bsc#1144333).

  - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).

  - smb3: Fix potential memory leak when processing compound
    chain (bsc#1144333).

  - smb3: fix redundant opens on root (bsc#1144333).

  - smb3: fix reset of bytes read and written stats
    (bsc#1112906, bsc#1144333).

  - smb3: Fix rmdir compounding regression to strict servers
    (bsc#1144333).

  - smb3: Fix root directory when server returns inode
    number of zero (bsc#1051510, bsc#1144333).

  - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510,
    bsc#1144333).

  - smb3: fix various xid leaks (bsc#1051510, bsc#1144333).

  - smb3: for kerberos mounts display the credential uid
    used (bsc#1144333).

  - smb3: handle new statx fields (bsc#1085536,
    bsc#1144333).

  - smb3: if max_credits is specified then display it in
    /proc/mounts (bsc#1144333).

  - smb3: if server does not support posix do not allow
    posix mount option (bsc#1144333).

  - smb3: improve dynamic tracing of open and posix mkdir
    (bsc#1144333).

  - smb3: increase initial number of credits requested to
    allow write (bsc#1144333).

  - smb3: Kernel oops mounting a encryptData share with
    CONFIG_DEBUG_VIRTUAL (bsc#1144333).

  - smb3: Log at least once if tree connect fails during
    reconnect (bsc#1144333).

  - smb3: make default i/o size for smb3 mounts larger
    (bsc#1144333).

  - smb3: minor cleanup of compound_send_recv (bsc#1144333).

  - smb3: minor debugging clarifications in rfc1001 len
    processing (bsc#1144333).

  - smb3: minor missing defines relating to reparse points
    (bsc#1144333).

  - smb3: missing defines and structs for reparse point
    handling (bsc#1144333).

  - smb3: note that smb3.11 posix extensions mount option is
    experimental (bsc#1144333).

  - smb3: Number of requests sent should be displayed for
    SMB3 not just CIFS (bsc#1144333).

  - smb3: on kerberos mount if server does not specify auth
    type use krb5 (bsc#1051510, bsc#1144333).

  - smb3: on reconnect set PreviousSessionId field
    (bsc#1112899, bsc#1144333).

  - smb3: optimize open to not send query file internal info
    (bsc#1144333).

  - smb3: passthru query info does not check for SMB3 FSCTL
    passthru (bsc#1144333).

  - smb3: print tree id in debugdata in proc to be able to
    help logging (bsc#1144333).

  - smb3: query inode number on open via create context
    (bsc#1144333).

  - smb3: remove noisy warning message on mount
    (bsc#1129664, bsc#1144333).

  - smb3: remove per-session operations from per-tree
    connection stats (bsc#1144333).

  - smb3: rename encryption_required to
    smb3_encryption_required (bsc#1144333).

  - smb3: request more credits on normal (non-large
    read/write) ops (bsc#1144333).

  - smb3: request more credits on tree connect
    (bsc#1144333).

  - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of
    failing write (bsc#1144333).

  - smb3: send backup intent on compounded query info
    (bsc#1144333).

  - smb3: send CAP_DFS capability during session setup
    (bsc#1144333).

  - smb3: Send netname context during negotiate protocol
    (bsc#1144333).

  - smb3: show number of current open files in
    /proc/fs/cifs/Stats (bsc#1144333).

  - smb3: simplify code by removing CONFIG_CIFS_SMB311
    (bsc#1051510, bsc#1144333).

  - smb3: smbdirect no longer experimental (bsc#1144333).

  - smb3: snapshot mounts are read-only and make sure info
    is displayable about the mount (bsc#1144333).

  - smb3: track the instance of each session for debugging
    (bsc#1144333).

  - smb3: Track total time spent on roundtrips for each SMB3
    command (bsc#1144333).

  - smb3: trivial cleanup to smb2ops.c (bsc#1144333).

  - smb3: update comment to clarify enumerating snapshots
    (bsc#1144333).

  - smb3: update default requested iosize to 4MB from 1MB
    for recent dialects (bsc#1144333).

  - smb3: Update POSIX negotiate context with POSIX ctxt
    GUID (bsc#1144333).

  - smb3: Validate negotiate request must always be signed
    (bsc#1064597, bsc#1144333).

  - smb3: Warn user if trying to sign connection that
    authenticated as guest (bsc#1085536, bsc#1144333).

  - smbd: Make upper layer decide when to destroy the
    transport (bsc#1144333).

  - smb: fix leak of validate negotiate info response buffer
    (bsc#1064597, bsc#1144333).

  - smb: fix validate negotiate info uninitialised memory
    use (bsc#1064597, bsc#1144333).

  - smb: Validate negotiate (to protect against downgrade)
    even if signing off (bsc#1085536, bsc#1144333).

  - smpboot: Place the __percpu annotation correctly (git
    fixes).

  - soc: rockchip: power-domain: Add a sanity check on
    pd->num_clks (bsc#1144718,bsc#1144813).

  - soc: rockchip: power-domain: use clk_bulk APIs
    (bsc#1144718,bsc#1144813).

  - soc: rockchip: power-domain: Use
    of_clk_get_parent_count() instead of open coding
    (bsc#1144718,bsc#1144813).

  - sound: fix a memory leak bug (bsc#1051510).

  - spi: bcm2835aux: fix corruptions for longer spi
    transfers (bsc#1051510).

  - spi: bcm2835aux: remove dangerous uncontrolled read of
    fifo (bsc#1051510).

  - spi: bcm2835aux: unifying code between polling and
    interrupt driven code (bsc#1051510).

  - st21nfca_connectivity_event_received: null check the
    allocation (bsc#1051510).

  - staging: comedi: dt3000: Fix rounding up of timer
    divisor (bsc#1051510).

  - staging: comedi: dt3000: Fix signed integer overflow
    'divider * base' (bsc#1051510).

  - st_nci_hci_connectivity_event_received: null check the
    allocation (bsc#1051510).

  - supported.conf: Add missing modules (bsc#1066369).

  - tcp: Reset bytes_acked and bytes_received when
    disconnecting (networking-stable-19_07_25).

  - test_firmware: fix a memory leak bug (bsc#1051510).

  - tpm: Fix off-by-one when reading
    binary_bios_measurements (bsc#1082555).

  - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM
    operations (bsc#1082555).

  - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is
    incomplete (bsc#1082555).

  - tpm: Unify the send callback behaviour (bsc#1082555).

  - tpm: vtpm_proxy: Suppress error logging when in closed
    state (bsc#1082555).

  - Tree connect for SMB3.1.1 must be signed for
    non-encrypted shares (bsc#1051510, bsc#1144333).

  - treewide: Replace GPLv2 boilerplate/reference with SPDX
    - rule 231 (bsc#1144333).

  - udf: Fix incorrect final NOT_ALLOCATED (hole) extent
    length (bsc#1148617).

  - Update config files. (bsc#1145687) Add the following
    kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y
    CONFIG_HOTPLUG_PCI_ACPI=y

  - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS
    to dump encryption keys (bsc#1144333).

  - Update config files. - cifs: allow disabling insecure
    dialects in the config (bsc#1144333).

  - Update config files. - cifs: SMBD: Introduce kernel
    config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333).

  - update internal version number for cifs.ko
    (bsc#1144333).

  - Update
    patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2
    .patch (bsc#1143765).

  - Update
    patches.suse/ceph-remove-request-from-waiting-list-befor
    e-unregister.patch (bsc#1148133 bsc#1138539).

  - Update session and share information displayed for
    debugging SMB2/SMB3 (bsc#1144333).

  - Update version of cifs module (bsc#1144333).

  - usb: cdc-acm: make sure a refcount is taken early enough
    (bsc#1142635).

  - usb: CDC: fix sanity checks in CDC union parser
    (bsc#1142635).

  - usb: cdc-wdm: fix race between write and disconnect due
    to flag abuse (bsc#1051510).

  - usb: chipidea: udc: do not do hardware access if gadget
    has stopped (bsc#1051510).

  - usb: core: Fix races in character device registration
    and deregistraion (bsc#1051510).

  - usb: gadget: composite: Clear 'suspended' on
    reset/disconnect (bsc#1051510).

  - usb: gadget: udc: renesas_usb3: Fix sysfs interface of
    'role' (bsc#1142635).

  - usb: host: fotg2: restart hcd after port reset
    (bsc#1051510).

  - usb: host: ohci: fix a race condition between shutdown
    and irq (bsc#1051510).

  - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
    (bsc#1051510).

  - usb: host: xhci: rcar: Fix typo in compatible string
    matching (bsc#1051510).

  - usb: iowarrior: fix deadlock on disconnect
    (bsc#1051510).

  - usb: serial: option: add D-Link DWM-222 device ID
    (bsc#1051510).

  - usb: serial: option: Add Motorola modem UARTs
    (bsc#1051510).

  - usb: serial: option: Add support for ZTE MF871A
    (bsc#1051510).

  - usb: serial: option: add the BroadMobi BM818 card
    (bsc#1051510).

  - usb-storage: Add new JMS567 revision to unusual_devs
    (bsc#1051510).

  - usb: storage: ums-realtek: Update module parameter
    description for auto_delink_en (bsc#1051510).

  - usb: storage: ums-realtek: Whitelist auto-delink support
    (bsc#1051510).

  - usb: usbfs: fix double-free of usb memory upon submiturb
    error (bsc#1051510).

  - usb: yurex: Fix use-after-free in yurex_delete
    (bsc#1051510).

  - vfs: fix page locking deadlocks when deduping files
    (bsc#1148619).

  - VMCI: Release resource if the work is already queued
    (bsc#1051510).

  - vrf: make sure skb->data contains ip header to make
    routing (networking-stable-19_07_25).

  - watchdog: bcm2835_wdt: Fix module autoload
    (bsc#1051510).

  - watchdog: core: fix NULL pointer dereference when
    releasing cdev (bsc#1051510).

  - watchdog: f71808e_wdt: fix F81866 bit operation
    (bsc#1051510).

  - watchdog: fix compile time error of pretimeout governors
    (bsc#1051510).

  - wimax/i2400m: fix a memory leak bug (bsc#1051510).

  - x86/boot: Fix memory leak in default_get_smp_config()
    (bsc#1114279).

  - x86/entry/64/compat: Fix stack switching for XEN PV
    (bsc#1108382).

  - x86/microcode: Fix the microcode load on CPU hotplug for
    real (bsc#1114279).

  - x86/mm: Check for pfn instead of page in
    vmalloc_sync_one() (bsc#1118689).

  - x86/mm: Sync also unmappings in vmalloc_sync_all()
    (bsc#1118689).

  - x86/speculation: Allow guests to use SSBD even if host
    does not (bsc#1114279).

  - x86/speculation/mds: Apply more accurate check on
    hypervisor platform (bsc#1114279).

  - x86/unwind: Add hardcoded ORC entry for NULL
    (bsc#1114279).

  - x86/unwind: Handle NULL pointer calls better in frame
    unwinder (bsc#1114279).

  - xen/swiotlb: fix condition for calling
    xen_destroy_contiguous_region() (bsc#1065600).

  - xfrm: Fix bucket count reported to userspace
    (bsc#1143300).

  - xfrm: Fix error return code in xfrm_output_one()
    (bsc#1143300).

  - xfrm: Fix NULL pointer dereference in xfrm_input when
    skb_dst_force clears the dst_entry (bsc#1143300).

  - xfrm: Fix NULL pointer dereference when skb_dst_force
    clears the dst_entry (bsc#1143300).

  - xfs: do not crash on null attr fork xfs_bmapi_read
    (bsc#1148035).

  - xfs: do not trip over uninitialized buffer on extent
    read of corrupted inode (bsc#1149053).

  - xfs: dump transaction usage details on log reservation
    overrun (bsc#1145235).

  - xfs: eliminate duplicate icreate tx reservation
    functions (bsc#1145235).

  - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize
    fails due to EDQUOT (bsc#1148032).

  - xfs: fix semicolon.cocci warnings (bsc#1145235).

  - xfs: fix up agi unlinked list reservations
    (bsc#1145235).

  - xfs: include an allocfree res for inobt modifications
    (bsc#1145235).

  - xfs: include inobt buffers in ifree tx log reservation
    (bsc#1145235).

  - xfs: print transaction log reservation on overrun
    (bsc#1145235).

  - xfs: refactor inode chunk alloc/free tx reservation
    (bsc#1145235).

  - xfs: refactor xlog_cil_insert_items() to facilitate
    transaction dump (bsc#1145235).

  - xfs: remove more ondisk directory corruption asserts
    (bsc#1148034).

  - xfs: separate shutdown from ticket reservation print
    helper (bsc#1145235).

  - xfs: truncate transaction does not modify the inobt
    (bsc#1145235)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://acl.bestbits.at"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.kernel.org/show_bug.cgi?id=202935"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047238"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050911"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056686"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064701"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071306"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085030"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090734"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091171"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093205"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112905"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112907"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118689"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120876"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124370"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129664"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131565"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134291"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134881"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134882"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135219"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136261"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139020"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139021"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140012"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140487"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141554"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142019"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142076"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142109"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143300"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143765"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143841"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143843"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144123"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144333"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144718"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144880"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144886"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145010"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145051"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145059"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145189"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145300"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145302"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145388"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145389"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145390"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145391"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145392"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145395"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145396"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145397"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145408"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145409"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145678"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145687"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145922"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145934"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145937"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145941"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145942"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146074"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146084"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146163"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146285"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146351"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146352"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146361"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146378"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146381"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146391"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146425"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146512"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146514"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146516"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146519"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146524"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146526"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146529"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146531"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146547"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146550"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146589"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146678"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146938"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148032"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148034"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148035"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148093"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148133"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148192"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148196"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148198"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148202"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148303"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148379"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148394"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148616"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148617"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148859"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149053"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149083"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149104"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149105"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149106"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149197"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149325"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149413"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149418"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149424"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149522"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149527"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149602"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149626"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149652"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149713"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150025"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150112"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150562"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150727"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150861"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150933"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.73.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1940.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id129505
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129505
    titleDebian DLA-1940-1 : linux-4.9 security update
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1940-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129505);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/23");

  script_cve_id("CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15902");

  script_name(english:"Debian DLA-1940-1 : linux-4.9 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2019-14821

Matt Delco reported a race condition in KVM's coalesced MMIO facility,
which could lead to out-of-bounds access in the kernel. A local
attacker permitted to access /dev/kvm could use this to cause a denial
of service (memory corruption or crash) or possibly for privilege
escalation.

CVE-2019-14835

Peter Pi of Tencent Blade Team discovered a missing bounds check in
vhost_net, the network back-end driver for KVM hosts, leading to a
buffer overflow when the host begins live migration of a VM. An
attacker in control of a VM could use this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation on the host.

CVE-2019-15117

Hui Peng and Mathias Payer reported a missing bounds check in the
usb-audio driver's descriptor parsing code, leading to a buffer
over-read. An attacker able to add USB devices could possibly use this
to cause a denial of service (crash).

CVE-2019-15118

Hui Peng and Mathias Payer reported unbounded recursion in the
usb-audio driver's descriptor parsing code, leading to a stack
overflow. An attacker able to add USB devices could use this to cause
a denial of service (memory corruption or crash) or possibly for
privilege escalation. On the amd64 architecture this is mitigated by a
guard page on the kernel stack, so that it is only possible to cause a
crash.

CVE-2019-15902

Brad Spengler reported that a backporting error reintroduced a
spectre-v1 vulnerability in the ptrace subsystem in the
ptrace_get_debugreg() function.

For Debian 8 'Jessie', these problems have been fixed in version
4.9.189-3+deb9u1~deb8u1.

We recommend that you upgrade your linux-4.9 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/linux-4.9"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4162-1.NASL
    descriptionIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130151
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130151
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4162-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4163-1.NASL
    descriptionIt was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130152
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130152
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4163-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2181.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516 bnc#1146512 bnc#1146514) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-09-25
    plugin id129345
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129345
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2181)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1930.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10905 A race condition was discovered in the GFS2 file-system implementation, which could lead to a use-after-free. On a system using GFS2, a local attacker could use this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-9506 Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the
    last seen2020-06-01
    modified2020-06-02
    plugin id129361
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129361
    titleDebian DLA-1930-1 : linux security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2201.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in netetlink/genetlink.c.(CVE-2019-15921)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130663
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130663
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2738-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-23
    plugin id130163
    published2019-10-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130163
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2738-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1186.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A n issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.(CVE-2019-11810)An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A flaw was found in the Linux kernel
    last seen2020-05-03
    modified2020-03-11
    plugin id134387
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134387
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2648-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-14
    plugin id129845
    published2019-10-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129845
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4531.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-14821 Matt Delco reported a race condition in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id129306
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129306
    titleDebian DSA-4531-1 : linux - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2414-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129156
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129156
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2299-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id128542
    published2019-09-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128542
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2424-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#326869: perf: pmu mem_load/store event support fate#327380: KVM: Add hardware CPU Model - kernel part fate#327377: KVM: Support for configurable virtio-crypto fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel enablement The following security bugs were fixed: CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129157
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129157
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-311-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-11-08
    plugin id130751
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130751
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2412-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#322438: Integrate P9 XIVE support (on PowerVM only) fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129154
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129154
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2274.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.(CVE-2018-13094)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.(CVE-2018-9363)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130736
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130736
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)

References