Vulnerabilities > CVE-2019-15118 - Uncontrolled Recursion vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

Vulnerable Configurations

Part Description Count
OS
Linux
4149
OS
Canonical
4
OS
Debian
3
OS
Opensuse
2
OS
Netapp
2
Application
Netapp
4
Hardware
Netapp
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4147-1.NASL
    descriptionIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129677
    published2019-10-07
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129677
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4147-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129677);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
      script_xref(name:"USN", value:"4147-1");
    
      script_name(english:"Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the Intel Wi-Fi device driver in the Linux
    kernel did not properly validate certain Tunneled Direct Link Setup
    (TDLS). A physically proximate attacker could use this to cause a
    denial of service (Wi-Fi disconnect). (CVE-2019-0136)
    
    It was discovered that the Bluetooth UART implementation in the Linux
    kernel did not properly check for missing tty operations. A local
    attacker could use this to cause a denial of service. (CVE-2019-10207)
    
    It was discovered that the GTCO tablet input driver in the Linux
    kernel did not properly bounds check the initial HID report sent by
    the device. A physically proximate attacker could use this to cause a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2019-13631)
    
    It was discovered that an out-of-bounds read existed in the QLogic
    QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
    could possibly use this to expose sensitive information (kernel
    memory). (CVE-2019-15090)
    
    Hui Peng and Mathias Payer discovered that the USB audio driver for
    the Linux kernel did not properly validate device meta data. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2019-15117)
    
    Hui Peng and Mathias Payer discovered that the USB audio driver for
    the Linux kernel improperly performed recursion while handling device
    meta data. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2019-15118)
    
    It was discovered that the Raremono AM/FM/SW radio device driver in
    the Linux kernel did not properly allocate memory, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service or possibly execute arbitrary code.
    (CVE-2019-15211)
    
    It was discovered at a double-free error existed in the USB Rio 500
    device driver for the Linux kernel. A physically proximate attacker
    could use this to cause a denial of service. (CVE-2019-15212)
    
    It was discovered that a race condition existed in the CPiA2
    video4linux device driver for the Linux kernel, leading to a
    use-after-free. A physically proximate attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2019-15215)
    
    It was discovered that a race condition existed in the Softmac USB
    Prism54 device driver in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-15220)
    
    Benjamin Moody discovered that the XFS file system in the Linux kernel
    did not properly handle an error condition when out of disk quota. A
    local attacker could possibly use this to cause a denial of service.
    (CVE-2019-15538)
    
    It was discovered that the Hisilicon HNS3 ethernet device driver in
    the Linux kernel contained an out of bounds access vulnerability. A
    local attacker could use this to possibly cause a denial of service
    (system crash). (CVE-2019-15925)
    
    It was discovered that the Atheros mobile chipset driver in the Linux
    kernel did not properly validate data in some situations. An attacker
    could use this to cause a denial of service (system crash).
    (CVE-2019-15926)
    
    Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
    discovered that the Bluetooth protocol BR/EDR specification did not
    properly require sufficiently strong encryption key lengths. A
    physically proximate attacker could use this to expose sensitive
    information. (CVE-2019-9506)
    
    It was discovered that ZR364XX Camera USB device driver for the Linux
    kernel did not properly initialize memory. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2019-15217)
    
    It was discovered that the Siano USB MDTV receiver device driver in
    the Linux kernel made improper assumptions about the device
    characteristics. A physically proximate attacker could use this cause
    a denial of service (system crash). (CVE-2019-15218)
    
    It was discovered that the Line 6 POD USB device driver in the Linux
    kernel did not properly validate data size information from the
    device. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2019-15221)
    
    It was discovered that the Line 6 USB driver for the Linux kernel
    contained a race condition when the device was disconnected. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2019-15223).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4147-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4147-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-1020-gke", pkgver:"5.0.0-1020.20~18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33~18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33~18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33~18.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke-5.0", pkgver:"5.0.0.1020.9")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1018-aws", pkgver:"5.0.0-1018.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-kvm", pkgver:"5.0.0-1019.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-raspi2", pkgver:"5.0.0-1019.19")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1020-gcp", pkgver:"5.0.0-1020.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1022-azure", pkgver:"5.0.0-1022.23")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1023-snapdragon", pkgver:"5.0.0-1023.24")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-aws", pkgver:"5.0.0.1018.19")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-azure", pkgver:"5.0.0.1022.21")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gcp", pkgver:"5.0.0.1020.46")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic", pkgver:"5.0.0.31.32")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic-lpae", pkgver:"5.0.0.31.32")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gke", pkgver:"5.0.0.1020.46")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-kvm", pkgver:"5.0.0.1019.19")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-lowlatency", pkgver:"5.0.0.31.32")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-raspi2", pkgver:"5.0.0.1019.16")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-snapdragon", pkgver:"5.0.0.1023.16")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-virtual", pkgver:"5.0.0.31.32")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2950-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130950
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130950
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2950-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130950);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/12");
    
      script_cve_id("CVE-2016-10906", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20976", "CVE-2019-10207", "CVE-2019-10220", "CVE-2019-11135", "CVE-2019-11477", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15290", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15902", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16413", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-9456", "CVE-2019-9506");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit
    a race condition in the Instruction Fetch Unit of the Intel CPU to
    cause a Machine Exception during Page Size Change, causing the CPU
    core to be non-functional.
    
    The Linux Kernel KVM hypervisor was adjusted to avoid page size
    changes in executable pages by splitting / merging huge pages into
    small pages as needed. More information can be found on
    https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135:
    Aborting an asynchronous TSX operation on Intel CPUs with
    Transactional Memory support could be used to facilitate sidechannel
    information leaks out of microarchitectural buffers, similar to the
    previously described 'Microarchitectural Data Sampling' attack.
    
    The Linux kernel was supplemented with the option to disable TSX
    operation altogether (requiring CPU Microcode updates on older
    systems) and better flushing of microarchitectural buffers (VERW).
    
    The set of options available is described in our TID at
    https://www.suse.com/support/kb/doc/?id=7024251 CVE-2019-16233:
    drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return
    value, leading to a NULL pointer dereference. (bsc#1150457).
    
    CVE-2019-10220: Added sanity checks on the pathnames passed to the
    user space. (bsc#1144903).
    
    CVE-2019-16232: Fix a potential NULL pointer dereference in the
    Marwell libertas driver (bsc#1150465).
    
    CVE-2019-16234: iwlwifi pcie driver did not check the alloc_workqueue
    return value, leading to a NULL pointer dereference. (bsc#1150452).
    
    CVE-2019-17055: The AF_ISDN network module in the Linux kernel did not
    enforce CAP_NET_RAW, which meant that unprivileged users could create
    a raw socket (bnc#1152782).
    
    CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW,
    which meant that unprivileged users could create a raw socket
    (bsc#1152788).
    
    CVE-2019-16413: The 9p filesystem did not protect i_size_write()
    properly, which caused an i_size_read() infinite loop and denial of
    service on SMP systems (bnc#1151347).
    
    CVE-2019-15902: A backporting issue was discovered that re-introduced
    the Spectre vulnerability it had aimed to eliminate. This occurred
    because the backport process depends on cherry picking specific
    commits, and because two (correctly ordered) code lines were swapped
    (bnc#1149376).
    
    CVE-2019-15291: Fixed a NULL pointer dereference issue that could be
    caused by a malicious USB device (bnc#11465).
    
    CVE-2019-15807: Fixed a memory leak in the SCSI module that could be
    abused to cause denial of service (bnc#1148938).
    
    CVE-2019-14821: An out-of-bounds access issue was fixed in the
    kernel's KVM hypervisor. An unprivileged host user or process with
    access to '/dev/kvm' device could use this flaw to crash the host
    kernel, resulting in a denial of service or potentially escalating
    privileges on the system (bnc#1151350).
    
    CVE-2019-15505: An out-of-bounds issue had been fixed that could be
    caused by crafted USB device traffic (bnc#1147122).
    
    CVE-2017-18595: A double free in allocate_trace_buffer was fixed
    (bnc#1149555).
    
    CVE-2019-14835: A buffer overflow flaw was found in the kernel's vhost
    functionality that translates virtqueue buffers to IOVs. A privileged
    guest user able to pass descriptors with invalid length to the host
    could use this flaw to increase their privileges on the host
    (bnc#1150112).
    
    CVE-2019-15216: A NULL pointer dereference was fixed that could be
    malicious USB device (bnc#1146361).
    
    CVE-2019-9456: An out-of-bounds write in the USB monitor driver has
    been fixed. This issue could lead to local escalation of privilege
    with System execution privileges needed. (bnc#1150025).
    
    CVE-2019-15926: An out-of-bounds access was fixed in the
    drivers/net/wireless/ath/ath6kl module. (bnc#1149527).
    
    CVE-2019-15927: An out-of-bounds access was fixed in the
    sound/usb/mixer module (bnc#1149522).
    
    CVE-2019-15219: A NULL pointer dereference was fixed that could be
    abused by a malicious USB device (bnc#1146524).
    
    CVE-2019-15220: A use-after-free issue was fixed that could be caused
    by a malicious USB device (bnc#1146526).
    
    CVE-2019-15221: A NULL pointer dereference was fixed that could be
    caused by a malicious USB device (bnc#1146529).
    
    CVE-2019-14814: A heap-based buffer overflow was fixed in the marvell
    wifi chip driver. That issue allowed local users to cause a denial of
    service (system crash) or possibly execute arbitrary code
    (bnc#1146512).
    
    CVE-2019-14815: A missing length check while parsing WMM IEs was fixed
    (bsc#1146512, bsc#1146514, bsc#1146516).
    
    CVE-2019-14816: A heap-based buffer overflow in the marvell wifi chip
    driver was fixed. Local users would have abused this issue to cause a
    denial of service (system crash) or possibly execute arbitrary code
    (bnc#1146516).
    
    CVE-2017-18509: An issue in net/ipv6 as fixed. By setting a specific
    socket option, an attacker could control a pointer in kernel land and
    cause an inet_csk_listen_stop general protection fault, or potentially
    execute arbitrary code under certain circumstances. The issue can be
    triggered as root (e.g., inside a default LXC container or with the
    CAP_NET_ADMIN capability) or after namespace unsharing. (bnc#1145477)
    
    CVE-2019-9506: The Bluetooth BR/EDR specification used to permit
    sufficiently low encryption key length and did not prevent an attacker
    from influencing the key length negotiation. This allowed practical
    brute-force attacks (aka 'KNOB') that could decrypt traffic and inject
    arbitrary ciphertext without the victim noticing (bnc#1137865).
    
    CVE-2019-15098: A NULL pointer dereference in drivers/net/wireless/ath
    was fixed (bnc#1146378).
    
    CVE-2019-15290: A NULL pointer dereference in
    ath6kl_usb_alloc_urb_from_pipe was fixed (bsc#1146378).
    
    CVE-2019-15212: A double-free issue was fixed in drivers/usb driver
    (bnc#1146391).
    
    CVE-2016-10906: A use-after-free issue was fixed in
    drivers/net/ethernet/arc (bnc#1146584).
    
    CVE-2019-15217: A a NULL pointer dereference issue caused by a
    malicious USB device was fixed in the drivers/media/usb/zr364xx driver
    (bnc#1146519).
    
    CVE-2019-15218: A NULL pointer dereference caused by a malicious USB
    device was fixed in the drivers/media/usb/siano driver (bnc#1146413).
    
    CVE-2019-15215: A use-after-free issue caused by a malicious USB
    device was fixed in the drivers/media/usb/cpia2 driver (bnc#1146425).
    
    CVE-2018-20976: A use-after-free issue was fixed in the fs/xfs driver
    (bnc#1146285).
    
    CVE-2017-18551: An out-of-bounds write was fixed in the drivers/i2c
    driver (bnc#1146163).
    
    CVE-2019-10207: Add checks for missing tty operations to prevent
    unprivileged user to execute 0x0 address (bsc#1142857 bsc#1123959)
    
    CVE-2019-15118: ALSA: usb-audio: Fix a stack-based buffer overflow bug
    in check_input_term leading to kernel stack exhaustion (bsc#1145922).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123959"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137865"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146540"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1147122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1148938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10906/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18509/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18551/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-18595/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20976/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11135/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14814/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14816/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14821/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15098/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15118/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15212/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15215/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15216/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15217/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15218/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15219/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15221/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15290/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15291/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15505/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15807/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15902/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15926/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15927/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16232/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16413/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17055/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9506/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7023735"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/support/kb/doc/?id=7024251"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?00e1d55f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-2950=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-2950=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2019-2950=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_124-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-default-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_124-xen-1-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.124.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.124.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2263-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358). CVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045). CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143189). CVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default (bsc#1143191). CVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399). CVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254). CVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023). CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922). CVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920). CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id128470
    published2019-09-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128470
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2263-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128470);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/18");
    
      script_cve_id("CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-3819");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).
    
    CVE-2018-20855: An issue was discovered in create_qp_common in
    drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never
    initialized, resulting in a leak of stack memory to userspace
    (bsc#1143045).
    
    CVE-2019-14284: The drivers/block/floppy.c allowed a denial of service
    by setup_format_params division-by-zero. Two consecutive ioctls can
    trigger the bug: the first one should set the drive geometry with
    .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the
    floppy format operation should be called. It can be triggered by an
    unprivileged local user even when a floppy disk has not been inserted.
    NOTE: QEMU creates the floppy device by default (bsc#1143189).
    
    CVE-2019-14283: The function set_geometry in drivers/block/floppy.c
    did not validate the sect and head fields, as demonstrated by an
    integer overflow and out-of-bounds read. It can be triggered by an
    unprivileged local user when a floppy disk has been inserted. NOTE:
    QEMU creates the floppy device by default (bsc#1143191).
    
    CVE-2019-11810: A NULL pointer dereference can occur when
    megasas_create_frame_pool() fails in megasas_alloc_cmds() in
    drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of
    Service, related to a use-after-free (bsc#1134399).
    
    CVE-2019-13648: In the Linux kernel on the powerpc platform, when
    hardware transactional memory is disabled, a local user can cause a
    denial of service (TM Bad Thing exception and system crash) via a
    sigreturn() system call that sends a crafted signal frame. This
    affects arch/powerpc/kernel/signal_32.c and
    arch/powerpc/kernel/signal_64.c (bnc#1142254).
    
    CVE-2019-13631: In parse_hid_report_descriptor in
    drivers/input/tablet/gtco.c, a malicious USB device can send an HID
    report that triggers an out-of-bounds write during generation of
    debugging messages (bsc#1142023).
    
    CVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in
    sound/usb/mixer.c via mishandled recursion (bnc#1145922).
    
    CVE-2019-15117: Fixed out-of-bounds memory access in
    parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short
    descriptor (bnc#1145920).
    
    CVE-2019-3819: A flaw was fixed in the function
    hid_debug_events_read() in drivers/hid/hid-debug.c file which may have
    enter an infinite loop with certain parameters passed from a
    userspace. A local privileged user ('root') could have caused a system
    lock up and a denial of service (bnc#1123161).
    
    CVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart
    (bsc#1142857).
    
    CVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c,
    where certain error case are mishandled (bnc#1143048).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1123161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125674"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128977"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1139826"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141401"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1141454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142254"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142857"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144273"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1145922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20855/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-20856/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10207/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1125/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11810/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13631/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-13648/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14283/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14284/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15117/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15118/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3819/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192263-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?144f001a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-2263=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-2263=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-2263=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-2263=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-2263=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2019-2263=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-2263=1
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-2263=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15117");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_103-default-1-4.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-base-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-base-debuginfo-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.103.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.103.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2173.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed. (bnc#1146512). - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514). - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516). - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users
    last seen2020-04-01
    modified2019-09-25
    plugin id129339
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129339
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2173.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129339);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/31");
    
      script_cve_id("CVE-2017-18551", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15098", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15222", "CVE-2019-15239", "CVE-2019-15290", "CVE-2019-15292", "CVE-2019-15538", "CVE-2019-15666", "CVE-2019-15902", "CVE-2019-15917", "CVE-2019-15919", "CVE-2019-15920", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-9456");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)");
      script_summary(english:"Check for the openSUSE-2019-2173 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.0 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-18551: There was an out of bounds write in the
        function i2c_smbus_xfer_emulated (bnc#1146163).
    
      - CVE-2018-20976: A use after free exists, related to
        xfs_fs_fill_super failure (bnc#1146285).
    
      - CVE-2018-21008: A use-after-free can be caused by the
        function rsi_mac80211_detach in the file
        drivers/net/wireless/rsi/rsi_91x_mac80211.c
        (bnc#1149591).
    
      - CVE-2019-14814: A heap overflow in
        mwifiex_set_uap_rates() function of Marvell was fixed.
        (bnc#1146512).
    
      - CVE-2019-14815: A heap overflow in
        mwifiex_set_wmm_params() function of Marvell Wifi Driver
        was fixed. (bnc#1146514).
    
      - CVE-2019-14816: A heap overflow in
        mwifiex_update_vs_ie() function of Marvell Wifi Driver
        was fixed. (bnc#1146516).
    
      - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow
        could lead to guest to host kernel escape during live
        migration (bnc#1150112).
    
      - CVE-2019-15030: In the Linux kernel on the powerpc
        platform, a local user can read vector registers of
        other users' processes via a Facility Unavailable
        exception. To exploit the venerability, a local user
        starts a transaction (via the hardware transactional
        memory instruction tbegin) and then accesses vector
        registers. At some point, the vector registers will be
        corrupted with the values from a different local Linux
        process because of a missing
        arch/powerpc/kernel/process.c check (bnc#1149713).
    
      - CVE-2019-15031: In the Linux kernel on the powerpc
        platform, a local user can read vector registers of
        other users' processes via an interrupt. To exploit the
        venerability, a local user starts a transaction (via the
        hardware transactional memory instruction tbegin) and
        then accesses vector registers. At some point, the
        vector registers will be corrupted with the values from
        a different local Linux process, because MSR_TM_ACTIVE
        is misused in arch/powerpc/kernel/process.c
        (bnc#1149713).
    
      - CVE-2019-15090: In the qedi_dbg_* family of functions,
        there was an out-of-bounds read (bnc#1146399).
    
      - CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c
        had a NULL pointer dereference via an incomplete address
        in an endpoint descriptor (bnc#1146378).
    
      - CVE-2019-15117: parse_audio_mixer_unit in
        sound/usb/mixer.c in the Linux kernel mishandled a short
        descriptor, leading to out-of-bounds memory access
        (bnc#1145920).
    
      - CVE-2019-15118: check_input_term in sound/usb/mixer.c in
        the Linux kernel mishandled recursion, leading to kernel
        stack exhaustion (bnc#1145922).
    
      - CVE-2019-15211: There was a use-after-free caused by a
        malicious USB device in the
        drivers/media/v4l2-core/v4l2-dev.c driver because
        drivers/media/radio/radio-raremono.c did not properly
        allocate memory (bnc#1146519).
    
      - CVE-2019-15212: There was a double-free caused by a
        malicious USB device in the drivers/usb/misc/rio500.c
        driver (bnc#1146391).
    
      - CVE-2019-15214: There was a use-after-free in the sound
        subsystem because card disconnection causes certain data
        structures to be deleted too early. This is related to
        sound/core/init.c and sound/core/info.c (bnc#1146550).
    
      - CVE-2019-15215: There was a use-after-free caused by a
        malicious USB device in the
        drivers/media/usb/cpia2/cpia2_usb.c driver
        (bnc#1146425).
    
      - CVE-2019-15216: There was a NULL pointer dereference
        caused by a malicious USB device in the
        drivers/usb/misc/yurex.c driver (bnc#1146361).
    
      - CVE-2019-15217: There was a NULL pointer dereference
        caused by a malicious USB device in the
        drivers/media/usb/zr364xx/zr364xx.c driver
        (bnc#1146547).
    
      - CVE-2019-15218: There was a NULL pointer dereference
        caused by a malicious USB device in the
        drivers/media/usb/siano/smsusb.c driver (bnc#1146413).
    
      - CVE-2019-15219: There was a NULL pointer dereference
        caused by a malicious USB device in the
        drivers/usb/misc/sisusbvga/sisusb.c driver
        (bnc#1146524).
    
      - CVE-2019-15220: There was a use-after-free caused by a
        malicious USB device in the
        drivers/net/wireless/intersil/p54/p54usb.c driver
        (bnc#1146526).
    
      - CVE-2019-15221: There was a NULL pointer dereference
        caused by a malicious USB device in the
        sound/usb/line6/pcm.c driver (bnc#1146529).
    
      - CVE-2019-15222: There was a NULL pointer dereference
        caused by a malicious USB device in the
        sound/usb/helper.c (motu_microbookii) driver
        (bnc#1146531).
    
      - CVE-2019-15239: In the Linux kernel, a certain
        net/ipv4/tcp_output.c change, which was properly
        incorporated into 4.16.12, was incorrectly backported to
        the earlier longterm kernels, introducing a new
        vulnerability that was potentially more severe than the
        issue that was intended to be fixed by backporting.
        Specifically, by adding to a write queue between
        disconnection and re-connection, a local attacker can
        trigger multiple use-after-free conditions. This can
        result in a kernel crash, or potentially in privilege
        escalation. (bnc#1146589)
    
      - CVE-2019-15290: There was a NULL pointer dereference
        caused by a malicious USB device in the
        ath6kl_usb_alloc_urb_from_pipe function in the
        drivers/net/wireless/ath/ath6kl/usb.c driver
        (bnc#1146378 bnc#1146543).
    
      - CVE-2019-15292: There was a use-after-free in
        atalk_proc_exit, related to net/appletalk/atalk_proc.c,
        net/appletalk/ddp.c, and
        net/appletalk/sysctl_net_atalk.c (bnc#1146678).
    
      - CVE-2019-15538: XFS partially wedges when a chgrp fails
        on account of being out of disk quota.
        xfs_setattr_nonsize is failing to unlock the ILOCK after
        the xfs_qm_vop_chown_reserve call fails. This is
        primarily a local DoS attack vector, but it might result
        as well in remote DoS if the XFS filesystem is exported
        for instance via NFS (bnc#1148093).
    
      - CVE-2019-15666: There was an out-of-bounds array access
        in __xfrm_policy_unlink, which will cause denial of
        service, because verify_newpolicy_info in
        net/xfrm/xfrm_user.c mishandled directory validation
        (bnc#1148394).
    
      - CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix
        possible spectre-v1 in ptrace_get_debugreg()' commit
        reintroduced the Spectre vulnerability that it aimed to
        eliminate. This occurred because the backport process
        depends on cherry picking specific commits, and because
        two (correctly ordered) code lines were swapped
        (bnc#1149376).
    
      - CVE-2019-15917: There was a use-after-free issue when
        hci_uart_register_dev() fails in hci_uart_set_proto() in
        drivers/bluetooth/hci_ldisc.c (bnc#1149539).
    
      - CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a
        use-after-free (bnc#1149552).
    
      - CVE-2019-15920: An issue was discovered in the Linux
        kernel SMB2_read in fs/cifs/smb2pdu.c had a
        use-after-free. NOTE: this was not fixed correctly in
        5.0.10; see the 5.0.11 ChangeLog, which documents a
        memory leak (bnc#1149626).
    
      - CVE-2019-15921: There was a memory leak issue when
        idr_alloc() fails in genl_register_family() in
        net/netlink/genetlink.c (bnc#1149602).
    
      - CVE-2019-15924: The fm10k_init_module in
        drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL
        pointer dereference because there is no -ENOMEM upon an
        alloc_workqueue failure (bnc#1149612).
    
      - CVE-2019-15926: Out of bounds access exists in the
        functions ath6kl_wmi_pstream_timeout_event_rx and
        ath6kl_wmi_cac_event_rx in the file
        drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).
    
      - CVE-2019-15927: An out-of-bounds access exists in the
        function build_audio_procunit in the file
        sound/usb/mixer.c (bnc#1149522).
    
      - CVE-2019-9456: In USB monitor driver there is a possible
        OOB write due to a missing bounds check. This could lead
        to local escalation of privilege with System execution
        privileges needed. User interaction is not needed for
        exploitation (bnc#1150025).
    
    The following non-security bugs were fixed :
    
      - ACPICA: Increase total number of possible Owner IDs
        (bsc#1148859).
    
      - ACPI: fix false-positive -Wuninitialized warning
        (bsc#1051510).
    
      - Add missing structs and defines from recent SMB3.1.1
        documentation (bsc#1144333).
    
      - Add new flag on SMB3.1.1 read (bsc#1144333).
    
      - address lock imbalance warnings in smbdirect.c
        (bsc#1144333).
    
      - Add some missing debug fields in server and tcon structs
        (bsc#1144333).
    
      - add some missing definitions (bsc#1144333).
    
      - Add some qedf commits to blacklist file (bsc#1149976)
    
      - Add vers=3.0.2 as a valid option for SMBv3.0.2
        (bsc#1144333).
    
      - ALSA: firewire: fix a memory leak bug (bsc#1051510).
    
      - ALSA: hda - Add a generic reboot_notify (bsc#1051510).
    
      - ALSA: hda - Apply workaround for another AMD chip
        1022:1487 (bsc#1051510).
    
      - ALSA: hda - Do not override global PCM hw info flag
        (bsc#1051510).
    
      - ALSA: hda - Fix a memory leak bug (bsc#1051510).
    
      - ALSA: hda - Fix potential endless loop at applying
        quirks (bsc#1051510).
    
      - ALSA: hda: kabi workaround for generic parser flag
        (bsc#1051510).
    
      - ALSA: hda - Let all conexant codec enter D3 when
        rebooting (bsc#1051510).
    
      - ALSA: hda/realtek - Fix overridden device-specific
        initialization (bsc#1051510).
    
      - ALSA: hda/realtek - Fix the problem of two front mics on
        a ThinkCentre (bsc#1051510).
    
      - ALSA: hda - Workaround for crackled sound on AMD
        controller (1022:1457) (bsc#1051510).
    
      - ALSA: hiface: fix multiple memory leak bugs
        (bsc#1051510).
    
      - ALSA: line6: Fix memory leak at line6_init_pcm() error
        path (bsc#1051510).
    
      - ALSA: seq: Fix potential concurrent access to the
        deleted pool (bsc#1051510).
    
      - ASoC: dapm: Fix handling of custom_stop_condition on
        DAPM graph walks (bsc#1051510).
    
      - ASoC: Fail card instantiation if DAI format setup fails
        (bsc#1051510).
    
      - batman-adv: fix uninit-value in
        batadv_netlink_get_ifindex() (bsc#1051510).
    
      - batman-adv: Only read OGM2 tvlv_len after buffer len
        check (bsc#1051510).
    
      - batman-adv: Only read OGM tvlv_len after buffer len
        check (bsc#1051510).
    
      - bcache: fix possible memory leak in bch_cached_dev_run()
        (git fixes).
    
      - bio: fix improper use of smp_mb__before_atomic() (git
        fixes).
    
      - blk-mq: backport fixes for
        blk_mq_complete_e_request_sync() (bsc#1145661).
    
      - blk-mq: Fix spelling in a source code comment (git
        fixes).
    
      - blk-mq: introduce blk_mq_complete_request_sync()
        (bsc#1145661).
    
      - blk-wbt: Avoid lock contention and thundering herd issue
        in wbt_wait (bsc#1141543).
    
      - blk-wbt: Avoid lock contention and thundering herd issue
        in wbt_wait (bsc#1141543).
    
      - block, documentation: Fix wbt_lat_usec documentation
        (git fixes).
    
      - Bluetooth: btqca: Add a short delay before downloading
        the NVM (bsc#1051510).
    
      - bnx2x: Prevent ptp_task to be rescheduled indefinitely
        (networking-stable-19_07_25).
    
      - bonding: validate ip header before check IPPROTO_IGMP
        (networking-stable-19_07_25).
    
      - Btrfs: add a helper to retrive extent inline ref type
        (bsc#1149325).
    
      - btrfs: add cleanup_ref_head_accounting helper
        (bsc#1050911).
    
      - Btrfs: add missing inode version, ctime and mtime
        updates when punching hole (bsc#1140487).
    
      - Btrfs: add one more sanity check for shared ref type
        (bsc#1149325).
    
      - btrfs: clean up pending block groups when transaction
        commit aborts (bsc#1050911).
    
      - Btrfs: convert to use btrfs_get_extent_inline_ref_type
        (bsc#1149325).
    
      - Btrfs: do not abort transaction at btrfs_update_root()
        after failure to COW path (bsc#1150933).
    
      - Btrfs: fix assertion failure during fsync and use of
        stale transaction (bsc#1150562).
    
      - Btrfs: fix data loss after inode eviction, renaming it,
        and fsync it (bsc#1145941).
    
      - btrfs: Fix delalloc inodes invalidation during
        transaction abort (bsc#1050911).
    
      - Btrfs: fix fsync not persisting dentry deletions due to
        inode evictions (bsc#1145942).
    
      - Btrfs: fix incremental send failure after deduplication
        (bsc#1145940).
    
      - btrfs: fix pinned underflow after transaction aborted
        (bsc#1050911).
    
      - Btrfs: fix race between send and deduplication that lead
        to failures and crashes (bsc#1145059).
    
      - Btrfs: fix race leading to fs corruption after
        transaction abort (bsc#1145937).
    
      - btrfs: handle delayed ref head accounting cleanup in
        abort (bsc#1050911).
    
      - Btrfs: prevent send failures and crashes due to
        concurrent relocation (bsc#1145059).
    
      - Btrfs: remove BUG() in add_data_reference (bsc#1149325).
    
      - Btrfs: remove BUG() in btrfs_extent_inline_ref_size
        (bsc#1149325).
    
      - Btrfs: remove BUG() in print_extent_item (bsc#1149325).
    
      - Btrfs: remove BUG_ON in __add_tree_block (bsc#1149325).
    
      - btrfs: Split btrfs_del_delalloc_inode into 2 functions
        (bsc#1050911).
    
      - btrfs: start readahead also in seed devices
        (bsc#1144886).
    
      - btrfs: track running balance in a simpler way
        (bsc#1145059).
    
      - caif-hsi: fix possible deadlock in cfhsi_exit_module()
        (networking-stable-19_07_25).
    
      - can: m_can: implement errata 'Needless activation of
        MRAF irq' (bsc#1051510).
    
      - can: mcp251x: add support for mcp25625 (bsc#1051510).
    
      - can: peak_usb: fix potential double kfree_skb()
        (bsc#1051510).
    
      - can: peak_usb: force the string buffer NULL-terminated
        (bsc#1051510).
    
      - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB
        devices (bsc#1051510).
    
      - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB
        devices (bsc#1051510).
    
      - can: rcar_canfd: fix possible IRQ storm on high load
        (bsc#1051510).
    
      - can: sja1000: force the string buffer NULL-terminated
        (bsc#1051510).
    
      - carl9170: fix misuse of device driver API (bsc#1142635).
    
      - ceph: always get rstat from auth mds (bsc#1146346).
    
      - ceph: clean up ceph.dir.pin vxattr name sizeof()
        (bsc#1146346).
    
      - ceph: decode feature bits in session message
        (bsc#1146346).
    
      - ceph: do not blindly unregister session that is in
        opening state (bsc#1148133).
    
      - ceph: do not try fill file_lock on unsuccessful
        GETFILELOCK reply (bsc#1148133).
    
      - ceph: fix buffer free while holding i_ceph_lock in
        __ceph_build_xattrs_blob() (bsc#1148133).
    
      - ceph: fix buffer free while holding i_ceph_lock in
        __ceph_setxattr() (bsc#1148133).
    
      - ceph: fix buffer free while holding i_ceph_lock in
        fill_inode() (bsc#1148133).
    
      - ceph: fix 'ceph.dir.rctime' vxattr value (bsc#1148133
        bsc#1135219).
    
      - ceph: fix improper use of smp_mb__before_atomic()
        (bsc#1148133).
    
      - ceph: hold i_ceph_lock when removing caps for freeing
        inode (bsc#1148133).
    
      - ceph: remove request from waiting list before unregister
        (bsc#1148133).
    
      - ceph: silence a checker warning in mdsc_show()
        (bsc#1148133).
    
      - ceph: support cephfs' own feature bits (bsc#1146346).
    
      - ceph: support getting ceph.dir.pin vxattr (bsc#1146346).
    
      - ceph: support versioned reply (bsc#1146346).
    
      - ceph: use bit flags to define vxattr attributes
        (bsc#1146346).
    
      - cifs: Accept validate negotiate if server return
        NT_STATUS_NOT_SUPPORTED (bsc#1144333).
    
      - cifs: add a new SMB2_close_flags function (bsc#1144333).
    
      - cifs: add a smb2_compound_op and change QUERY_INFO to
        use it (bsc#1144333).
    
      - cifs: add a timeout argument to wait_for_free_credits
        (bsc#1144333).
    
      - cifs: add a warning if we try to to dequeue a deleted
        mid (bsc#1144333).
    
      - cifs: add compound_send_recv() (bsc#1144333).
    
      - cifs: add credits from unmatched responses/messages
        (bsc#1144333).
    
      - cifs: add debug output to show nocase mount option
        (bsc#1144333).
    
      - cifs: Add DFS cache routines (bsc#1144333).
    
      - cifs: Add direct I/O functions to file_operations
        (bsc#1144333).
    
      - cifs: add fiemap support (bsc#1144333).
    
      - cifs: add iface info to struct cifs_ses (bsc#1144333).
    
      - cifs: add IOCTL for QUERY_INFO passthrough to userspace
        (bsc#1144333).
    
      - cifs: add lease tracking to the cached root fid
        (bsc#1144333).
    
      - cifs: Add minor debug message during negprot
        (bsc#1144333).
    
      - cifs: add missing debug entries for kconfig options
        (bsc#1051510, bsc#1144333).
    
      - cifs: add missing GCM module dependency (bsc#1144333).
    
      - cifs: add missing support for ACLs in SMB 3.11
        (bsc#1051510, bsc#1144333).
    
      - cifs: add ONCE flag for cifs_dbg type (bsc#1144333).
    
      - cifs: add pdu_size to the TCP_Server_Info structure
        (bsc#1144333).
    
      - cifs: add resp_buf_size to the mid_q_entry structure
        (bsc#1144333).
    
      - cifs: address trivial coverity warning (bsc#1144333).
    
      - cifs: add server argument to the dump_detail method
        (bsc#1144333).
    
      - cifs: add server->vals->header_preamble_size
        (bsc#1144333).
    
      - cifs: add SFM mapping for 0x01-0x1F (bsc#1144333).
    
      - cifs: add sha512 secmech (bsc#1051510, bsc#1144333).
    
      - cifs: Adds information-level logging function
        (bsc#1144333).
    
      - cifs: add SMB2_close_init()/SMB2_close_free()
        (bsc#1144333).
    
      - cifs: add SMB2_ioctl_init/free helpers to be used with
        compounding (bsc#1144333).
    
      - cifs: add SMB2_query_info_[init|free]() (bsc#1144333).
    
      - cifs: Add smb2_send_recv (bsc#1144333).
    
      - cifs: add spinlock for the openFileList to cifsInodeInfo
        (bsc#1144333).
    
      - cifs: add .splice_write (bsc#1144333).
    
      - cifs: Add support for direct I/O read (bsc#1144333).
    
      - cifs: Add support for direct I/O write (bsc#1144333).
    
      - cifs: Add support for direct pages in rdata
        (bsc#1144333).
    
      - cifs: Add support for direct pages in wdata
        (bsc#1144333).
    
      - cifs: Add support for failover in cifs_mount()
        (bsc#1144333).
    
      - cifs: Add support for failover in cifs_reconnect()
        (bsc#1144333).
    
      - cifs: Add support for failover in cifs_reconnect_tcon()
        (bsc#1144333).
    
      - cifs: Add support for failover in smb2_reconnect()
        (bsc#1144333).
    
      - cifs: Add support for FSCTL passthrough that write data
        to the server (bsc#1144333).
    
      - cifs: add support for ioctl on directories
        (bsc#1144333).
    
      - cifs: Add support for reading attributes on SMB2+
        (bsc#1051510, bsc#1144333).
    
      - cifs: add support for SEEK_DATA and SEEK_HOLE
        (bsc#1144333).
    
      - cifs: Add support for writing attributes on SMB2+
        (bsc#1051510, bsc#1144333).
    
      - cifs: Adjust MTU credits before reopening a file
        (bsc#1144333).
    
      - cifs: Allocate memory for all iovs in smb2_ioctl
        (bsc#1144333).
    
      - cifs: Allocate validate negotiation request through
        kmalloc (bsc#1144333).
    
      - cifs: allow calling SMB2_xxx_free(NULL) (bsc#1144333).
    
      - cifs: allow disabling less secure legacy dialects
        (bsc#1144333).
    
      - cifs: allow guest mounts to work for smb3.11
        (bsc#1051510, bsc#1144333).
    
      - cifs: always add credits back for unsolicited PDUs
        (bsc#1144333).
    
      - cifs: Always reset read error to -EIO if no response
        (bsc#1144333).
    
      - cifs: Always resolve hostname before reconnecting
        (bsc#1051510, bsc#1144333).
    
      - cifs: a smb2_validate_and_copy_iov failure does not mean
        the handle is invalid (bsc#1144333).
    
      - cifs: auto disable 'serverino' in dfs mounts
        (bsc#1144333).
    
      - cifs: avoid a kmalloc in smb2_send_recv/SendReceive2 for
        the common case (bsc#1144333).
    
      - cifs: Avoid returning EBUSY to upper layer VFS
        (bsc#1144333).
    
      - cifs: cache FILE_ALL_INFO for the shared root handle
        (bsc#1144333).
    
      - cifs: Calculate the correct request length based on page
        offset and tail size (bsc#1144333).
    
      - cifs: Call MID callback before destroying transport
        (bsc#1144333).
    
      - cifs: change mkdir to use a compound (bsc#1144333).
    
      - cifs: change smb2_get_data_area_len to take a
        smb2_sync_hdr as argument (bsc#1144333).
    
      - cifs: Change SMB2_open to return an iov for the error
        parameter (bsc#1144333).
    
      - cifs: change SMB2_OP_RENAME and SMB2_OP_HARDLINK to use
        compounding (bsc#1144333).
    
      - cifs: change SMB2_OP_SET_EOF to use compounding
        (bsc#1144333).
    
      - cifs: change SMB2_OP_SET_INFO to use compounding
        (bsc#1144333).
    
      - cifs: change smb2_query_eas to use the compound
        query-info helper (bsc#1144333).
    
      - cifs: change unlink to use a compound (bsc#1144333).
    
      - cifs: change validate_buf to validate_iov (bsc#1144333).
    
      - cifs: change wait_for_free_request() to take flags as
        argument (bsc#1144333).
    
      - cifs: check CIFS_MOUNT_NO_DFS when trying to reuse
        existing sb (bsc#1144333).
    
      - cifs: Check for reconnects before sending async requests
        (bsc#1144333).
    
      - cifs: Check for reconnects before sending compound
        requests (bsc#1144333).
    
      - cifs: check for STATUS_USER_SESSION_DELETED
        (bsc#1112902, bsc#1144333).
    
      - cifs: Check for timeout on Negotiate stage (bsc#1091171,
        bsc#1144333).
    
      - cifs: check if SMB2 PDU size has been padded and
        suppress the warning (bsc#1144333).
    
      - cifs: check kmalloc before use (bsc#1051510,
        bsc#1144333).
    
      - cifs: check kzalloc return (bsc#1144333).
    
      - cifs: check MaxPathNameComponentLength != 0 before using
        it (bsc#1085536, bsc#1144333).
    
      - cifs: check ntwrk_buf_start for NULL before
        dereferencing it (bsc#1144333).
    
      - cifs: check rsp for NULL before dereferencing in
        SMB2_open (bsc#1085536, bsc#1144333).
    
      - cifs: cifs_read_allocate_pages: do not iterate through
        whole page array on ENOMEM (bsc#1144333).
    
      - cifs: clean up indentation, replace spaces with tab
        (bsc#1144333).
    
      - cifs: cleanup smb2ops.c and normalize strings
        (bsc#1144333).
    
      - cifs: complete PDU definitions for interface queries
        (bsc#1144333).
    
      - cifs: connect to servername instead of IP for IPC$ share
        (bsc#1051510, bsc#1144333).
    
      - cifs: Count SMB3 credits for malformed pending responses
        (bsc#1144333).
    
      - cifs: create a define for how many iovs we need for an
        SMB2_open() (bsc#1144333).
    
      - cifs: create a define for the max number of iov we need
        for a SMB2 set_info (bsc#1144333).
    
      - cifs: create a helper function for compound query_info
        (bsc#1144333).
    
      - cifs: create helpers for SMB2_set_info_init/free()
        (bsc#1144333).
    
      - cifs: create SMB2_open_init()/SMB2_open_free() helpers
        (bsc#1144333).
    
      - cifs: Display SMB2 error codes in the hex format
        (bsc#1144333).
    
      - cifs: document tcon/ses/server refcount dance
        (bsc#1144333).
    
      - cifs: do not allow creating sockets except with SMB1
        posix exensions (bsc#1102097, bsc#1144333).
    
      - cifs: Do not assume one credit for async responses
        (bsc#1144333).
    
      - cifs: do not attempt cifs operation on smb2+ rename
        error (bsc#1144333).
    
      - cifs: Do not consider -ENODATA as stat failure for reads
        (bsc#1144333).
    
      - cifs: Do not count -ENODATA as failure for query
        directory (bsc#1051510, bsc#1144333).
    
      - cifs: do not dereference smb_file_target before null
        check (bsc#1051510, bsc#1144333).
    
      - cifs: Do not hide EINTR after sending network packets
        (bsc#1051510, bsc#1144333).
    
      - cifs: Do not log credits when unmounting a share
        (bsc#1144333).
    
      - cifs: do not log STATUS_NOT_FOUND errors for DFS
        (bsc#1051510, bsc#1144333).
    
      - cifs: Do not match port on SMBDirect transport
        (bsc#1144333).
    
      - cifs: Do not modify mid entry after submitting I/O in
        cifs_call_async (bsc#1051510, bsc#1144333).
    
      - cifs: Do not reconnect TCP session in add_credits()
        (bsc#1051510, bsc#1144333).
    
      - cifs: Do not reset lease state to NONE on lease break
        (bsc#1051510, bsc#1144333).
    
      - cifs: do not return atime less than mtime (bsc#1144333).
    
      - cifs: do not send invalid input buffer on QUERY_INFO
        requests (bsc#1144333).
    
      - cifs: Do not set credits to 1 if the server didn't grant
        anything (bsc#1144333).
    
      - cifs: do not show domain= in mount output when domain is
        empty (bsc#1144333).
    
      - cifs: Do not skip SMB2 message IDs on send failures
        (bsc#1144333).
    
      - cifs: do not use __constant_cpu_to_le32() (bsc#1144333).
    
      - cifs: dump every session iface info (bsc#1144333).
    
      - cifs: dump IPC tcon in debug proc file (bsc#1071306,
        bsc#1144333).
    
      - cifs: fallback to older infolevels on findfirst
        queryinfo retry (bsc#1144333).
    
      - cifs: Find and reopen a file before get MTU credits in
        writepages (bsc#1144333).
    
      - cifs: fix a buffer leak in smb2_query_symlink
        (bsc#1144333).
    
      - cifs: fix a credits leak for compund commands
        (bsc#1144333).
    
      - cifs: Fix a debug message (bsc#1144333).
    
      - cifs: Fix adjustment of credits for MTU requests
        (bsc#1051510, bsc#1144333).
    
      - cifs: Fix an issue with re-sending rdata when transport
        returning -EAGAIN (bsc#1144333).
    
      - cifs: Fix an issue with re-sending wdata when transport
        returning -EAGAIN (bsc#1144333).
    
      - cifs: Fix a race condition with cifs_echo_request
        (bsc#1144333).
    
      - cifs: Fix a tiny potential memory leak (bsc#1144333).
    
      - cifs: Fix autonegotiate security settings mismatch
        (bsc#1087092, bsc#1144333).
    
      - cifs: fix bi-directional fsctl passthrough calls
        (bsc#1144333).
    
      - cifs: fix build break when CONFIG_CIFS_DEBUG2 enabled
        (bsc#1144333).
    
      - cifs: fix build errors for SMB_DIRECT (bsc#1144333).
    
      - cifs: Fix check for matching with existing mount
        (bsc#1144333).
    
      - cifs: fix circular locking dependency (bsc#1064701,
        bsc#1144333).
    
      - cifs: fix computation for MAX_SMB2_HDR_SIZE
        (bsc#1144333).
    
      - cifs: fix confusing warning message on reconnect
        (bsc#1144333).
    
      - cifs: fix crash in cifs_dfs_do_automount (bsc#1144333).
    
      - cifs: fix crash in
        smb2_compound_op()/smb2_set_next_command()
        (bsc#1144333).
    
      - cifs: fix crash querying symlinks stored as
        reparse-points (bsc#1144333).
    
      - cifs: Fix credit calculation for encrypted reads with
        errors (bsc#1051510, bsc#1144333).
    
      - cifs: Fix credit calculations in compound mid callback
        (bsc#1144333).
    
      - cifs: Fix credit computation for compounded requests
        (bsc#1144333).
    
      - cifs: Fix credits calculation for cancelled requests
        (bsc#1144333).
    
      - cifs: Fix credits calculations for reads with errors
        (bsc#1051510, bsc#1144333).
    
      - cifs: fix credits leak for SMB1 oplock breaks
        (bsc#1144333).
    
      - cifs: fix deadlock in cached root handling
        (bsc#1144333).
    
      - cifs: Fix DFS cache refresher for DFS links
        (bsc#1144333).
    
      - cifs: fix encryption in SMB3.1.1 (bsc#1144333).
    
      - cifs: Fix encryption/signing (bsc#1144333).
    
      - cifs: Fix error mapping for SMB2_LOCK command which
        caused OFD lock problem (bsc#1051510, bsc#1144333).
    
      - cifs: Fix error paths in writeback code (bsc#1144333).
    
      - cifs: fix GlobalMid_Lock bug in cifs_reconnect
        (bsc#1144333).
    
      - cifs: fix handle leak in smb2_query_symlink()
        (bsc#1144333).
    
      - cifs: fix incorrect handling of smb2_set_sparse() return
        in smb3_simple_falloc (bsc#1144333).
    
      - cifs: Fix infinite loop when using hard mount option
        (bsc#1091171, bsc#1144333).
    
      - cifs: Fix invalid check in __cifs_calc_signature()
        (bsc#1144333).
    
      - cifs: Fix kernel oops when traceSMB is enabled
        (bsc#1144333).
    
      - cifs: fix kref underflow in close_shroot()
        (bsc#1144333).
    
      - cifs: Fix leaking locked VFS cache pages in writeback
        retry (bsc#1144333).
    
      - cifs: Fix lease buffer length error (bsc#1144333).
    
      - cifs: fix memory leak and remove dead code
        (bsc#1144333).
    
      - cifs: fix memory leak in SMB2_open() (bsc#1112894,
        bsc#1144333).
    
      - cifs: fix memory leak in SMB2_read (bsc#1144333).
    
      - cifs: Fix memory leak in smb2_set_ea() (bsc#1051510,
        bsc#1144333).
    
      - cifs: fix memory leak of an allocated cifs_ntsd
        structure (bsc#1144333).
    
      - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl
        case (bsc#1144333).
    
      - cifs: Fix missing put_xid in cifs_file_strict_mmap
        (bsc#1087092, bsc#1144333).
    
      - cifs: Fix module dependency (bsc#1144333).
    
      - cifs: Fix mounts if the client is low on credits
        (bsc#1144333).
    
      - cifs: fix NULL deref in SMB2_read (bsc#1085539,
        bsc#1144333).
    
      - cifs: Fix NULL pointer dereference of devname
        (bnc#1129519).
    
      - cifs: Fix NULL pointer deref on SMB2_tcon() failure
        (bsc#1071009, bsc#1144333).
    
      - cifs: Fix NULL ptr deref (bsc#1144333).
    
      - cifs: fix page reference leak with readv/writev
        (bsc#1144333).
    
      - cifs: fix panic in smb2_reconnect (bsc#1144333).
    
      - cifs: fix parsing of symbolic link error response
        (bsc#1144333).
    
      - cifs: fix POSIX lock leak and invalid ptr deref
        (bsc#1114542, bsc#1144333).
    
      - cifs: Fix possible hang during async MTU reads and
        writes (bsc#1051510, bsc#1144333).
    
      - cifs: Fix possible oops and memory leaks in async IO
        (bsc#1144333).
    
      - cifs: Fix potential OOB access of lock element array
        (bsc#1051510, bsc#1144333).
    
      - cifs: Fix read after write for files with read caching
        (bsc#1051510, bsc#1144333).
    
      - cifs: fix return value for cifs_listxattr (bsc#1051510,
        bsc#1144333).
    
      - cifs: fix rmmod regression in cifs.ko caused by
        force_sig changes (bsc#1144333).
    
      - cifs: Fix separator when building path from dentry
        (bsc#1051510, bsc#1144333).
    
      - cifs: fix sha512 check in cifs_crypto_secmech_release
        (bsc#1051510, bsc#1144333).
    
      - cifs: fix signed/unsigned mismatch on aio_read patch
        (bsc#1144333).
    
      - cifs: Fix signing for SMB2/3 (bsc#1144333).
    
      - cifs: Fix slab-out-of-bounds in send_set_info() on SMB2
        ACE setting (bsc#1144333).
    
      - cifs: Fix slab-out-of-bounds when tracing SMB tcon
        (bsc#1144333).
    
      - cifs: fix SMB1 breakage (bsc#1144333).
    
      - cifs: fix smb3_zero_range for Azure (bsc#1144333).
    
      - cifs: fix smb3_zero_range so it can expand the file-size
        when required (bsc#1144333).
    
      - cifs: fix sparse warning on previous patch in a few
        printks (bsc#1144333).
    
      - cifs: fix spelling mistake, EACCESS -> EACCES
        (bsc#1144333).
    
      - cifs: Fix stack out-of-bounds in
        smb(2,3)_create_lease_buf() (bsc#1051510, bsc#1144333).
    
      - cifs: fix strcat buffer overflow and reduce raciness in
        smb21_set_oplock_level() (bsc#1144333).
    
      - cifs: Fix to use kmem_cache_free() instead of kfree()
        (bsc#1144333).
    
      - cifs: Fix trace command logging for SMB2 reads and
        writes (bsc#1144333).
    
      - cifs: fix typo in cifs_dbg (bsc#1144333).
    
      - cifs: fix typo in debug message with struct field
        ia_valid (bsc#1144333).
    
      - cifs: fix uninitialized ptr deref in smb2 signing
        (bsc#1144333).
    
      - cifs: Fix use-after-free in SMB2_read (bsc#1144333).
    
      - cifs: Fix use-after-free in SMB2_write (bsc#1144333).
    
      - cifs: Fix use after free of a mid_q_entry (bsc#1112903,
        bsc#1144333).
    
      - cifs: fix use-after-free of the lease keys
        (bsc#1144333).
    
      - cifs: Fix validation of signed data in smb2
        (bsc#1144333).
    
      - cifs: Fix validation of signed data in smb3+
        (bsc#1144333).
    
      - cifs: fix wrapping bugs in num_entries() (bsc#1051510,
        bsc#1144333).
    
      - cifs: flush before set-info if we have writeable handles
        (bsc#1144333).
    
      - cifs: For SMB2 security informaion query, check for
        minimum sized security descriptor instead of sizeof
        FileAllInformation class (bsc#1051510, bsc#1144333).
    
      - cifs: handle large EA requests more gracefully in smb2+
        (bsc#1144333).
    
      - cifs: handle netapp error codes (bsc#1136261).
    
      - cifs: hide unused functions (bsc#1051510, bsc#1144333).
    
      - cifs: hide unused functions (bsc#1051510, bsc#1144333).
    
      - cifs: implement v3.11 preauth integrity (bsc#1051510,
        bsc#1144333).
    
      - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on
        legacy (insecure cifs) (bsc#1144333).
    
      - cifs: integer overflow in in SMB2_ioctl() (bsc#1051510,
        bsc#1144333).
    
      - cifs: Introduce helper function to get page offset and
        length in smb_rqst (bsc#1144333).
    
      - cifs: Introduce offset for the 1st page in data transfer
        structures (bsc#1144333).
    
      - cifs: invalidate cache when we truncate a file
        (bsc#1051510, bsc#1144333).
    
      - cifs: keep FileInfo handle live during oplock break
        (bsc#1106284, bsc#1131565, bsc#1144333).
    
      - cifs: limit amount of data we request for xattrs to
        CIFSMaxBufSize (bsc#1144333).
    
      - cifs: Limit memory used by lock request calls to a page
        (bsc#1144333).
    
      - cifs_lookup(): cifs_get_inode_...() never returns 0 with
        *inode left NULL (bsc#1144333).
    
      - cifs_lookup(): switch to d_splice_alias() (bsc#1144333).
    
      - cifs: make arrays static const, reduces object code size
        (bsc#1144333).
    
      - cifs: Make devname param optional in
        cifs_compose_mount_options() (bsc#1144333).
    
      - cifs: make IPC a regular tcon (bsc#1071306,
        bsc#1144333).
    
      - cifs: make minor clarifications to module params for
        cifs.ko (bsc#1144333).
    
      - cifs: make mknod() an smb_version_op (bsc#1144333).
    
      - cifs: make 'nodfs' mount opt a superblock flag
        (bsc#1051510, bsc#1144333).
    
      - cifs: make rmdir() use compounding (bsc#1144333).
    
      - cifs: make smb_send_rqst take an array of requests
        (bsc#1144333).
    
      - cifs: Make sure all data pages are signed correctly
        (bsc#1144333).
    
      - cifs: Make use of DFS cache to get new DFS referrals
        (bsc#1144333).
    
      - cifs: Mask off signals when sending SMB packets
        (bsc#1144333).
    
      - cifs: minor clarification in comments (bsc#1144333).
    
      - cifs: Minor Kconfig clarification (bsc#1144333).
    
      - cifs: minor updates to module description for cifs.ko
        (bsc#1144333).
    
      - cifs: Move credit processing to mid callbacks for SMB3
        (bsc#1144333).
    
      - cifs: move default port definitions to cifsglob.h
        (bsc#1144333).
    
      - cifs: move large array from stack to heap (bsc#1144333).
    
      - cifs: Move open file handling to writepages
        (bsc#1144333).
    
      - cifs: Move unlocking pages from wdata_send_pages()
        (bsc#1144333).
    
      - cifs: OFD locks do not conflict with eachothers
        (bsc#1051510, bsc#1144333).
    
      - cifs: Only free DFS target list if we actually got one
        (bsc#1144333).
    
      - cifs: Only send SMB2_NEGOTIATE command on new TCP
        connections (bsc#1144333).
    
      - cifs: only wake the thread for the very last PDU in a
        compound (bsc#1144333).
    
      - cifs: parse and store info on iface queries
        (bsc#1144333).
    
      - cifs: pass flags down into wait_for_free_credits()
        (bsc#1144333).
    
      - cifs: Pass page offset for calculating signature
        (bsc#1144333).
    
      - cifs: Pass page offset for encrypting (bsc#1144333).
    
      - cifs: pass page offsets on SMB1 read/write
        (bsc#1144333).
    
      - cifs: prevent integer overflow in nxt_dir_entry()
        (bsc#1051510, bsc#1144333).
    
      - cifs: prevent starvation in wait_for_free_credits for
        multi-credit requests (bsc#1144333).
    
      - cifs: print CIFSMaxBufSize as part of
        /proc/fs/cifs/DebugData (bsc#1144333).
    
      - cifs: Print message when attempting a mount
        (bsc#1144333).
    
      - cifs: Properly handle auto disabling of serverino option
        (bsc#1144333).
    
      - cifs: protect against server returning invalid file
        system block size (bsc#1144333).
    
      - cifs: prototype declaration and definition for smb 2 - 3
        and cifsacl mount options (bsc#1051510, bsc#1144333).
    
      - cifs: prototype declaration and definition to set acl
        for smb 2 - 3 and cifsacl mount options (bsc#1051510,
        bsc#1144333).
    
      - cifs: push rfc1002 generation down the stack
        (bsc#1144333).
    
      - cifs: read overflow in is_valid_oplock_break()
        (bsc#1144333).
    
      - cifs: Reconnect expired SMB sessions (bnc#1060662).
    
      - cifs: refactor and clean up arguments in the reparse
        point parsing (bsc#1144333).
    
      - cifs: refactor crypto shash/sdesc allocation&free
        (bsc#1051510, bsc#1144333).
    
      - cifs: Refactor out cifs_mount() (bsc#1144333).
    
      - cifs: release auth_key.response for reconnect
        (bsc#1085536, bsc#1144333).
    
      - cifs: release cifs root_cred after exit_cifs
        (bsc#1085536, bsc#1144333).
    
      - cifs: remove coverity warning in calc_lanman_hash
        (bsc#1144333).
    
      - cifs: Remove custom credit adjustments for SMB2 async IO
        (bsc#1144333).
    
      - cifs: remove header_preamble_size where it is always 0
        (bsc#1144333).
    
      - cifs: remove redundant duplicated assignment of pointer
        'node' (bsc#1144333).
    
      - cifs: remove rfc1002 hardcoded constants from
        cifs_discard_remaining_data() (bsc#1144333).
    
      - cifs: remove rfc1002 header from all SMB2 response
        structures (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_close_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_create_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_echo_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_flush_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_ioctl_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_lease_ack
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_lock_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_logoff_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_negotiate_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_oplock_break we
        get from server (bsc#1144333).
    
      - cifs: remove rfc1002 header from
        smb2_query_directory_req (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_query_info_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2 read/write
        requests (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_sess_setup_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_set_info_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from smb2_tree_connect_req
        (bsc#1144333).
    
      - cifs: remove rfc1002 header from
        smb2_tree_disconnect_req (bsc#1144333).
    
      - cifs: remove set but not used variable 'cifs_sb'
        (bsc#1144333).
    
      - cifs: remove set but not used variable 'sep'
        (bsc#1144333).
    
      - cifs: remove set but not used variable 'server'
        (bsc#1144333).
    
      - cifs: remove set but not used variable 'smb_buf'
        (bsc#1144333).
    
      - cifs: remove small_smb2_init (bsc#1144333).
    
      - cifs: remove smb2_send_recv() (bsc#1144333).
    
      - cifs: remove struct smb2_hdr (bsc#1144333).
    
      - cifs: remove struct smb2_oplock_break_rsp (bsc#1144333).
    
      - cifs: remove the is_falloc argument to SMB2_set_eof
        (bsc#1144333).
    
      - cifs: remove unused stats (bsc#1144333).
    
      - cifs: remove unused value pointed out by Coverity
        (bsc#1144333).
    
      - cifs: remove unused variable from SMB2_read
        (bsc#1144333).
    
      - cifs: rename and clarify CIFS_ASYNC_OP and CIFS_NO_RESP
        (bsc#1144333).
    
      - cifs: Reopen file before get SMB2 MTU credits for async
        IO (bsc#1144333).
    
      - cifs: replace a 4 with
        server->vals->header_preamble_size (bsc#1144333).
    
      - cifs: replace snprintf with scnprintf (bsc#1144333).
    
      - cifs: Respect reconnect in MTU credits calculations
        (bsc#1144333).
    
      - cifs: Respect reconnect in non-MTU credits calculations
        (bsc#1144333).
    
      - cifs: Respect SMB2 hdr preamble size in read responses
        (bsc#1144333).
    
      - cifs: return correct errors when pinning memory failed
        for direct I/O (bsc#1144333).
    
      - cifs: Return -EAGAIN instead of -ENOTSOCK (bsc#1144333).
    
      - cifs: return -ENODATA when deleting an xattr that does
        not exist (bsc#1144333).
    
      - cifs: Return error code when getting file handle for
        writeback (bsc#1144333).
    
      - cifs: return error on invalid value written to cifsFYI
        (bsc#1144333).
    
      - cifs: Save TTL value when parsing DFS referrals
        (bsc#1144333).
    
      - cifs: Select all required crypto modules (bsc#1085536,
        bsc#1144333).
    
      - cifs: set mapping error when page writeback fails in
        writepage or launder_pages (bsc#1144333).
    
      - cifs: set oparms.create_options rather than or'ing in
        CREATE_OPEN_BACKUP_INTENT (bsc#1144333).
    
      - cifs: Set reconnect instance to one initially
        (bsc#1144333).
    
      - cifs: set *resp_buf_type to NO_BUFFER on error
        (bsc#1144333).
    
      - cifs: Show locallease in /proc/mounts for cifs shares
        mounted with locallease feature (bsc#1144333).
    
      - cifs: show 'soft' in the mount options for hard mounts
        (bsc#1144333).
    
      - cifs: show the w bit for writeable /proc/fs/cifs/* files
        (bsc#1144333).
    
      - cifs: silence compiler warnings showing up with
        gcc-8.0.0 (bsc#1090734, bsc#1144333).
    
      - cifs: Silence uninitialized variable warning
        (bsc#1144333).
    
      - cifs: simple stats should always be enabled
        (bsc#1144333).
    
      - cifs: simplify code by removing CONFIG_CIFS_ACL ifdef
        (bsc#1144333). - Update config files.
    
      - cifs: simplify how we handle credits in
        compound_send_recv() (bsc#1144333).
    
      - cifs: Skip any trailing backslashes from UNC
        (bsc#1144333).
    
      - cifs: smb2 commands can not be negative, remove
        confusing check (bsc#1144333).
    
      - cifs: smb2ops: Fix listxattr() when there are no EAs
        (bsc#1051510, bsc#1144333).
    
      - cifs: smb2ops: Fix NULL check in smb2_query_symlink
        (bsc#1144333).
    
      - cifs: smb2pdu: Fix potential NULL pointer dereference
        (bsc#1144333).
    
      - cifs: SMBD: Add parameter rdata to smb2_new_read_req
        (bsc#1144333).
    
      - cifs: SMBD: Add rdma mount option (bsc#1144333).
    
      - cifs: SMBD: Add SMB Direct debug counters (bsc#1144333).
    
      - cifs: SMBD: Add SMB Direct protocol initial values and
        constants (bsc#1144333).
    
      - cifs: smbd: Avoid allocating iov on the stack
        (bsc#1144333).
    
      - cifs: smbd: avoid reconnect lockup (bsc#1144333).
    
      - cifs: smbd: Check for iov length on sending the last iov
        (bsc#1144333).
    
      - cifs: smbd: depend on INFINIBAND_ADDR_TRANS
        (bsc#1144333).
    
      - cifs: SMBD: Disable signing on SMB direct transport
        (bsc#1144333).
    
      - cifs: smbd: disconnect transport on RDMA errors
        (bsc#1144333).
    
      - cifs: SMBD: Do not call ib_dereg_mr on invalidated
        memory registration (bsc#1144333).
    
      - cifs: smbd: Do not destroy transport on RDMA disconnect
        (bsc#1144333).
    
      - cifs: smbd: Do not use RDMA read/write when signing is
        used (bsc#1144333).
    
      - cifs: smbd: Dump SMB packet when configured
        (bsc#1144333).
    
      - cifs: smbd: Enable signing with smbdirect (bsc#1144333).
    
      - cifs: SMBD: Establish SMB Direct connection
        (bsc#1144333).
    
      - cifs: SMBD: export protocol initial values
        (bsc#1144333).
    
      - cifs: SMBD: fix spelling mistake: faield and legnth
        (bsc#1144333).
    
      - cifs: SMBD: Fix the definition for
        SMB2_CHANNEL_RDMA_V1_INVALIDATE (bsc#1144333).
    
      - cifs: SMBD: Implement function to create a SMB Direct
        connection (bsc#1144333).
    
      - cifs: SMBD: Implement function to destroy a SMB Direct
        connection (bsc#1144333).
    
      - cifs: SMBD: Implement function to receive data via RDMA
        receive (bsc#1144333).
    
      - cifs: SMBD: Implement function to reconnect to a SMB
        Direct transport (bsc#1144333).
    
      - cifs: SMBD: Implement function to send data via RDMA
        send (bsc#1144333).
    
      - cifs: SMBD: Implement RDMA memory registration
        (bsc#1144333).
    
      - cifs: smbd: Indicate to retry on transport sending
        failure (bsc#1144333).
    
      - cifs: SMBD: Read correct returned data length for RDMA
        write (SMB read) I/O (bsc#1144333).
    
      - cifs: smbd: Retry on memory registration failure
        (bsc#1144333).
    
      - cifs: smbd: Return EINTR when interrupted (bsc#1144333).
    
      - cifs: SMBD: Set SMB Direct maximum read or write size
        for I/O (bsc#1144333).
    
      - cifs: SMBD: _smbd_get_connection() can be static
        (bsc#1144333).
    
      - cifs: SMBD: Support page offset in memory registration
        (bsc#1144333).
    
      - cifs: SMBD: Support page offset in RDMA recv
        (bsc#1144333).
    
      - cifs: SMBD: Support page offset in RDMA send
        (bsc#1144333).
    
      - cifs: smbd: take an array of reqeusts when sending upper
        layer data (bsc#1144333).
    
      - cifs: SMBD: Upper layer connects to SMBDirect session
        (bsc#1144333).
    
      - cifs: SMBD: Upper layer destroys SMB Direct session on
        shutdown or umount (bsc#1144333).
    
      - cifs: SMBD: Upper layer performs SMB read via RDMA write
        through memory registration (bsc#1144333).
    
      - cifs: SMBD: Upper layer performs SMB write via RDMA read
        through memory registration (bsc#1144333).
    
      - cifs: SMBD: Upper layer receives data via RDMA receive
        (bsc#1144333).
    
      - cifs: SMBD: Upper layer reconnects to SMB Direct session
        (bsc#1144333).
    
      - cifs: SMBD: Upper layer sends data via RDMA send
        (bsc#1144333).
    
      - cifs:smbd Use the correct DMA direction when sending
        data (bsc#1144333).
    
      - cifs:smbd When reconnecting to server, call
        smbd_destroy() after all MIDs have been called
        (bsc#1144333).
    
      - cifs: SMBD: work around gcc -Wmaybe-uninitialized
        warning (bsc#1144333).
    
      - cifs: start DFS cache refresher in cifs_mount()
        (bsc#1144333).
    
      - cifs: store the leaseKey in the fid on SMB2_open
        (bsc#1051510, bsc#1144333).
    
      - cifs: suppress some implicit-fallthrough warnings
        (bsc#1144333).
    
      - cifs: track writepages in vfs operation counters
        (bsc#1144333).
    
      - cifs: Try to acquire credits at once for compound
        requests (bsc#1144333).
    
      - cifs: update calc_size to take a server argument
        (bsc#1144333).
    
      - cifs: update init_sg, crypt_message to take an array of
        rqst (bsc#1144333).
    
      - cifs: update internal module number (bsc#1144333).
    
      - cifs: update internal module version number
        (bsc#1144333).
    
      - cifs: update internal module version number
        (bsc#1144333).
    
      - cifs: update internal module version number
        (bsc#1144333).
    
      - cifs: update internal module version number
        (bsc#1144333).
    
      - cifs: update internal module version number
        (bsc#1144333).
    
      - cifs: update internal module version number for cifs.ko
        to 2.12 (bsc#1144333).
    
      - cifs: update internal module version number for cifs.ko
        to 2.12 (bsc#1144333).
    
      - cifs: update internal module version number for cifs.ko
        to 2.14 (bsc#1144333).
    
      - cifs: update module internal version number
        (bsc#1144333).
    
      - cifs: update multiplex loop to handle compounded
        responses (bsc#1144333).
    
      - cifs: update receive_encrypted_standard to handle
        compounded responses (bsc#1144333).
    
      - cifs: update smb2_calc_size to use smb2_sync_hdr instead
        of smb2_hdr (bsc#1144333).
    
      - cifs: update smb2_check_message to handle PDUs without a
        4 byte length header (bsc#1144333).
    
      - cifs: update smb2_queryfs() to use compounding
        (bsc#1144333).
    
      - cifs: update __smb_send_rqst() to take an array of
        requests (bsc#1144333).
    
      - cifs: use a compound for setting an xattr (bsc#1144333).
    
      - cifs: use a refcount to protect open/closing the cached
        file handle (bsc#1144333).
    
      - cifs: use correct format characters (bsc#1144333).
    
      - cifs: Use correct packet length in SMB2_TRANSFORM header
        (bsc#1144333).
    
      - cifs: Use GFP_ATOMIC when a lock is held in cifs_mount()
        (bsc#1144333).
    
      - cifs: Use kmemdup in SMB2_ioctl_init() (bsc#1144333).
    
      - cifs: Use kmemdup rather than duplicating its
        implementation in smb311_posix_mkdir() (bsc#1144333).
    
      - cifs: Use kzfree() to free password (bsc#1144333).
    
      - cifs: Use offset when reading pages (bsc#1144333).
    
      - cifs: Use smb 2 - 3 and cifsacl mount options getacl
        functions (bsc#1051510, bsc#1144333).
    
      - cifs: Use smb 2 - 3 and cifsacl mount options setacl
        function (bsc#1051510, bsc#1144333).
    
      - cifs: use tcon_ipc instead of use_ipc parameter of
        SMB2_ioctl (bsc#1071306, bsc#1144333).
    
      - cifs: use the correct length when pinning memory for
        direct I/O for write (bsc#1144333).
    
      - cifs: Use ULL suffix for 64-bit constant (bsc#1051510,
        bsc#1144333).
    
      - cifs: wait_for_free_credits() make it possible to wait
        for >=1 credits (bsc#1144333).
    
      - cifs: we can not use small padding iovs together with
        encryption (bsc#1144333).
    
      - cifs: When sending data on socket, pass the correct page
        offset (bsc#1144333).
    
      - cifs: zero-range does not require the file is sparse
        (bsc#1144333).
    
      - cifs: zero sensitive data when freeing (bsc#1087092,
        bsc#1144333).
    
      - Cleanup some minor endian issues in smb3 rdma
        (bsc#1144333).
    
      - clk: add clk_bulk_get accessories (bsc#1144813).
    
      - clk: bcm2835: remove pllb (jsc#SLE-7294).
    
      - clk: bcm283x: add driver interfacing with Raspberry Pi's
        firmware (jsc#SLE-7294).
    
      - clk: bulk: silently error out on EPROBE_DEFER
        (bsc#1144718,bsc#1144813).
    
      - clk: Export clk_bulk_prepare() (bsc#1144813).
    
      - clk: raspberrypi: register platform device for
        raspberrypi-cpufreq (jsc#SLE-7294).
    
      - clk: renesas: cpg-mssr: Fix reset control race condition
        (bsc#1051510).
    
      - clk: rockchip: Add 1.6GHz PLL rate for rk3399
        (bsc#1144718,bsc#1144813).
    
      - clk: rockchip: assign correct id for pclk_ddr and
        hclk_sd in rk3399 (bsc#1144718,bsc#1144813).
    
      - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
        (bsc#1051510).
    
      - coredump: split pipe command whitespace before expanding
        template (bsc#1051510).
    
      - cpufreq: add driver for Raspberry Pi (jsc#SLE-7294).
    
      - cpufreq: dt: Try freeing static OPPs only if we have
        added them (jsc#SLE-7294).
    
      - cpu/speculation: Warn on unsupported mitigations=
        parameter (bsc#1114279).
    
      - crypto: ccp - Add support for valid authsize values less
        than 16 (bsc#1051510).
    
      - crypto: ccp - Fix oops by properly managing allocated
        structures (bsc#1051510).
    
      - crypto: ccp - Ignore tag length when decrypting GCM
        ciphertext (bsc#1051510).
    
      - crypto: ccp - Ignore unconfigured CCP device on
        suspend/resume (bnc#1145934).
    
      - crypto: ccp - Validate buffer lengths for copy
        operations (bsc#1051510).
    
      - cx82310_eth: fix a memory leak bug (bsc#1051510).
    
      - devres: always use dev_name() in devm_ioremap_resource()
        (git fixes).
    
      - dfs_cache: fix a wrong use of kfree in flush_cache_ent()
        (bsc#1144333).
    
      - dmaengine: rcar-dmac: Reject zero-length slave DMA
        requests (bsc#1051510).
    
      - dm btree: fix order of block initialization in
        btree_split_beneath (git fixes).
    
      - dm bufio: fix deadlock with loop device (git fixes).
    
      - dm cache metadata: Fix loading discard bitset (git
        fixes).
    
      - dm crypt: do not overallocate the integrity tag space
        (git fixes).
    
      - dm crypt: fix parsing of extended IV arguments (git
        fixes).
    
      - dm delay: fix a crash when invalid device is specified
        (git fixes).
    
      - dm: fix to_sector() for 32bit (git fixes).
    
      - dm integrity: change memcmp to strncmp in
        dm_integrity_ctr (git fixes).
    
      - dm integrity: limit the rate of error messages (git
        fixes).
    
      - dm kcopyd: always complete failed jobs (git fixes).
    
      - dm log writes: make sure super sector log updates are
        written in order (git fixes).
    
      - dm raid: add missing cleanup in raid_ctr() (git fixes).
    
      - dm: revert 8f50e358153d ('dm: limit the max bio size as
        BIO_MAX_PAGES * PAGE_SIZE') (git fixes).
    
      - dm space map metadata: fix missing store of apply_bops()
        return value (git fixes).
    
      - dm table: fix invalid memory accesses with too high
        sector number (git fixes).
    
      - dm table: propagate BDI_CAP_STABLE_WRITES to fix
        sporadic checksum errors (git fixes).
    
      - dm thin: fix bug where bio that overwrites thin block
        ignores FUA (git fixes).
    
      - dm thin: fix passdown_double_checking_shared_status()
        (git fixes).
    
      - dm zoned: fix potential NULL dereference in
        dmz_do_reclaim() (git fixes).
    
      - dm zoned: Fix zone report handling (git fixes).
    
      - dm zoned: fix zone state management race (git fixes).
    
      - dm zoned: improve error handling in i/o map code (git
        fixes).
    
      - dm zoned: improve error handling in reclaim (git fixes).
    
      - dm zoned: properly handle backing device failure (git
        fixes).
    
      - dm zoned: Silence a static checker warning (git fixes).
    
      - Do not log confusing message on reconnect by default
        (bsc#1129664, bsc#1144333).
    
      - Do not log expected error on DFS referral request
        (bsc#1051510, bsc#1144333).
    
      - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS
        ioctl (bsc#1051510).
    
      - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate
        some strings (bsc#1051510).
    
      - drm/amdgpu/psp: move psp version specific function
        pointers to (bsc#1135642)
    
      - drm/etnaviv: add missing failure path to destroy
        suballoc (bsc#1135642)
    
      - drm/i915: Do not deballoon unused ggtt drm_mm_node in
        linux guest (bsc#1142635)
    
      - drm/i915: Fix wrong escape clock divisor init for GLK
        (bsc#1142635)
    
      - drm/i915/perf: ensure we keep a reference on the driver
        (bsc#1142635)
    
      - drm/i915: Restore relaxed padding
        (OCL_OOB_SUPPRES_ENABLE) for skl+ (bsc#1142635)
    
      - drm/i915/userptr: Acquire the page lock around
        set_page_dirty() (bsc#1051510).
    
      - drm/imx: notify drm core before sending event during
        crtc disable (bsc#1135642)
    
      - drm/imx: only send event on crtc disable if kept
        disabled (bsc#1135642)
    
      - drm/mediatek: call drm_atomic_helper_shutdown() when
        unbinding driver (bsc#1135642)
    
      - drm/mediatek: call mtk_dsi_stop() after
        mtk_drm_crtc_atomic_disable() (bsc#1135642)
    
      - drm/mediatek: clear num_pipes when unbind driver
        (bsc#1135642)
    
      - drm/mediatek: fix unbind functions (bsc#1135642)
    
      - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before
        goto (bsc#1142635)
    
      - drm/mediatek: unbind components in mtk_drm_unbind()
        (bsc#1135642)
    
      - drm/mediatek: use correct device to import PRIME buffers
        (bsc#1142635)
    
      - drm: msm: Fix add_gpu_components (bsc#1051510).
    
      - drm/msm/mdp5: Fix mdp5_cfg_init error return
        (bsc#1142635)
    
      - drm/nouveau: Do not retry infinitely when receiving no
        data on i2c (bsc#1142635)
    
      - drm/nouveau: fix memory leak in nouveau_conn_reset()
        (bsc#1051510).
    
      - drm/rockchip: Suspend DP late (bsc#1142635)
    
      - drm: silence variable 'conn' set but not used
        (bsc#1051510).
    
      - drm/udl: introduce a macro to convert dev to udl.
        (bsc#1113722)
    
      - drm/udl: move to embedding drm device inside udl device.
        (bsc#1113722)
    
      - drm/vmwgfx: fix a warning due to missing dma_parms
        (bsc#1135642)
    
      - drm/vmwgfx: fix memory leak when too many retries have
        occurred (bsc#1051510).
    
      - drm/vmwgfx: Use the backdoor port if the HB port is not
        available (bsc#1135642)
    
      - Drop an ASoC fix that was reverted in 4.14.y stable
    
      - ehea: Fix a copy-paste err in ehea_init_port_res
        (bsc#1051510).
    
      - ext4: use jbd2_inode dirty range scoping (bsc#1148616).
    
      - firmware: raspberrypi: register clk device
        (jsc#SLE-7294).
    
      - Fixed https://bugzilla.kernel.org/show_bug.cgi?id=202935
        allow write on the same file (bsc#1144333).
    
      - Fix encryption labels and lengths for SMB3.1.1
        (bsc#1085536, bsc#1144333).
    
      - fix incorrect error code mapping for OBJECTID_NOT_FOUND
        (bsc#1144333).
    
      - Fix kABI after KVM fixes
    
      - Fix match_server check to allow for auto dialect
        negotiate (bsc#1144333).
    
      - Fix SMB3.1.1 guest authentication to Samba (bsc#1085536,
        bsc#1144333).
    
      - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y
        (bsc#1051510, bsc#1144333).
    
      - fix struct ufs_req removal of unused field (git-fixes).
    
      - Fix warning messages when mounting to older servers
        (bsc#1144333).
    
      - fs/cifs/cifsacl.c Fixes typo in a comment (bsc#1144333).
    
      - fs: cifs: cifsssmb: Change return type of
        convert_ace_to_cifs_ace (bsc#1144333).
    
      - fs/cifs: do not translate SFM_SLASH (U+F026) to
        backslash (bsc#1144333).
    
      - fs: cifs: Drop unlikely before IS_ERR(_OR_NULL)
        (bsc#1144333).
    
      - fs/cifs: fix uninitialised variable warnings
        (bsc#1144333).
    
      - fs: cifs: Kconfig: pedantic formatting (bsc#1144333).
    
      - fs: cifs: Replace _free_xid call in cifs_root_iget
        function (bsc#1144333).
    
      - fs/cifs: require sha512 (bsc#1051510, bsc#1144333).
    
      - fs/cifs: Simplify ib_post_(send|recv|srq_recv)() calls
        (bsc#1144333).
    
      - fs/cifs/smb2pdu.c: fix buffer free in SMB2_ioctl_free
        (bsc#1144333).
    
      - fs/cifs: suppress a string overflow warning
        (bsc#1144333).
    
      - fs/*/Kconfig: drop links to 404-compliant
        http://acl.bestbits.at (bsc#1144333).
    
      - fsl/fman: Use GFP_ATOMIC in
        (memac,tgec)_add_hash_mac_address() (bsc#1051510).
    
      - fs/xfs: Fix return code of xfs_break_leased_layouts()
        (bsc#1148031).
    
      - fs: xfs: xfs_log: Do not use KM_MAYFAIL at
        xfs_log_reserve() (bsc#1148033).
    
      - ftrace: Check for empty hash and comment the race with
        registering probes (bsc#1149418).
    
      - ftrace: Check for successful allocation of hash
        (bsc#1149424).
    
      - ftrace: Fix NULL pointer dereference in t_probe_next()
        (bsc#1149413).
    
      - gpio: Fix build error of function redefinition
        (bsc#1051510).
    
      - gpio: gpio-omap: add check for off wake capable gpios
        (bsc#1051510).
    
      - gpiolib: fix incorrect IRQ requesting of an active-low
        lineevent (bsc#1051510).
    
      - gpiolib: never report open-drain/source lines as 'input'
        to user-space (bsc#1051510).
    
      - gpio: mxs: Get rid of external API call (bsc#1051510).
    
      - gpio: pxa: handle corner case of unprobed device
        (bsc#1051510).
    
      - gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
        (bsc#1142635)
    
      - HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
        (bsc#1051510).
    
      - HID: Add quirk for HP X1200 PIXART OEM mouse
        (bsc#1051510).
    
      - HID: cp2112: prevent sleeping function called from
        invalid context (bsc#1051510).
    
      - HID: hiddev: avoid opening a disconnected device
        (bsc#1051510).
    
      - HID: hiddev: do cleanup in failure of opening a device
        (bsc#1051510).
    
      - HID: holtek: test for sanity of intfdata (bsc#1051510).
    
      - HID: sony: Fix race condition between rumble and device
        remove (bsc#1051510).
    
      - HID: wacom: Correct distance scale for 2nd-gen Intuos
        devices (bsc#1142635).
    
      - HID: wacom: correct misreported EKR ring values
        (bsc#1142635).
    
      - HID: wacom: fix bit shift for Cintiq Companion 2
        (bsc#1051510).
    
      - hwmon: (nct7802) Fix wrong detection of in4 presence
        (bsc#1051510).
    
      - i2c: emev2: avoid race when unregistering slave client
        (bsc#1051510).
    
      - i2c: piix4: Fix port selection for AMD Family 16h Model
        30h (bsc#1051510).
    
      - i2c: qup: fixed releasing dma without flush operation
        completion (bsc#1051510).
    
      - IB/mlx5: Fix MR registration flow to use UMR properly
        (bsc#1093205 bsc#1145678).
    
      - ibmveth: Convert multicast list size for little-endian
        system (bsc#1061843).
    
      - ibmvnic: Do not process reset during or after device
        removal (bsc#1149652 ltc#179635).
    
      - ibmvnic: Unmap DMA address of TX descriptor buffers
        after use (bsc#1146351 ltc#180726).
    
      - igmp: fix memory leak in igmpv3_del_delrec()
        (networking-stable-19_07_25).
    
      - iio: adc: max9611: Fix misuse of GENMASK macro
        (bsc#1051510).
    
      - iio: adc: max9611: Fix temperature reading in probe
        (bsc#1051510).
    
      - Improve security, move default dialect to SMB3 from old
        CIFS (bsc#1051510, bsc#1144333).
    
      - include/linux/bitops.h: sanitize rotate primitives (git
        fixes).
    
      - Input: iforce - add sanity checks (bsc#1051510).
    
      - Input: kbtab - sanity check for endpoint type
        (bsc#1051510).
    
      - Input: synaptics - enable RMI mode for HP Spectre X360
        (bsc#1051510).
    
      - intel_th: pci: Add support for another Lewisburg PCH
        (bsc#1051510).
    
      - intel_th: pci: Add Tiger Lake support (bsc#1051510).
    
      - iommu/amd: Add support for X2APIC IOMMU interrupts
        (bsc#1145010).
    
      - iommu/amd: Fix race in increase_address_space()
        (bsc#1150860).
    
      - iommu/amd: Flush old domains in kdump kernel
        (bsc#1150861).
    
      - iommu/amd: Move iommu_init_pci() to .init section
        (bsc#1149105).
    
      - iommu/dma: Handle SG length overflow better
        (bsc#1146084).
    
      - ipip: validate header length in ipip_tunnel_xmit
        (git-fixes).
    
      - ipv4: do not set IPv6 only flags to IPv4 addresses
        (networking-stable-19_07_25).
    
      - irqchip/gic-v3-its: fix build warnings (bsc#1144880).
    
      - ISDN: hfcsusb: checking idx of ep configuration
        (bsc#1051510).
    
      - isdn: hfcsusb: Fix mISDN driver crash caused by transfer
        buffer on the stack (bsc#1051510).
    
      - isdn: mISDN: hfcsusb: Fix possible NULL pointer
        dereferences in start_isoc_chain() (bsc#1051510).
    
      - iwlwifi: dbg: split iwl_fw_error_dump to two functions
        (bsc#1119086).
    
      - iwlwifi: do not unmap as page memory that was mapped as
        single (bsc#1051510).
    
      - iwlwifi: fix bad dma handling in page_mem dumping flow
        (bsc#1120902).
    
      - iwlwifi: fw: use helper to determine whether to dump
        paging (bsc#1106434). Patch needed to be adjusted,
        because our tree does not have the global variable
        IWL_FW_ERROR_DUMP_PAGING
    
      - iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT on version
        < 41 (bsc#1142635).
    
      - iwlwifi: mvm: fix an out-of-bound access (bsc#1051510).
    
      - iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT
        support (bsc#1142635).
    
      - iwlwifi: pcie: do not service an interrupt that was
        masked (bsc#1142635).
    
      - iwlwifi: pcie: fix ALIVE interrupt handling for gen2
        devices w/o MSI-X (bsc#1142635).
    
      - jbd2: flush_descriptor(): Do not decrease buffer head's
        ref count (bsc#1143843).
    
      - jbd2: introduce jbd2_inode dirty range scoping
        (bsc#1148616).
    
      - kABI: Fix kABI for 'struct amd_iommu' (bsc#1145010).
    
      - kasan: remove redundant initialization of variable
        'real_size' (git fixes).
    
      - kconfig/[mn]conf: handle backspace (^H) key
        (bsc#1051510).
    
      - keys: Fix missing NULL pointer check in
        request_key_auth_describe() (bsc#1051510).
    
      - KVM: Fix leak vCPU's VMCS value into other pCPU
        (bsc#1145388).
    
      - KVM: LAPIC: Fix pending interrupt in IRR blocked by
        software disable LAPIC (bsc#1145408).
    
      - KVM: nVMX: allow setting the VMFUNC controls MSR
        (bsc#1145389).
    
      - KVM: nVMX: do not use dangling shadow VMCS after guest
        reset (bsc#1145390).
    
      - kvm: nVMX: Remove unnecessary sync_roots from
        handle_invept (bsc#1145391).
    
      - KVM: nVMX: Use adjusted pin controls for vmcs02
        (bsc#1145392).
    
      - KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
        (bsc#1061840).
    
      - KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT
        with bad value (bsc#1145393).
    
      - KVM: VMX: check CPUID before allowing read/write of
        IA32_XSS (bsc#1145394).
    
      - KVM: VMX: Fix handling of #MC that occurs during
        VM-Entry (bsc#1145395).
    
      - KVM: x86: degrade WARN to pr_warn_ratelimited
        (bsc#1145409).
    
      - KVM: x86: Do not update RIP or do single-step on
        faulting emulation (bsc#1149104).
    
      - KVM: x86: fix backward migration with async_PF
        (bsc#1146074).
    
      - kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array
        emulated_msrs (bsc#1134881 bsc#1134882).
    
      - KVM: X86: Reduce the overhead when lapic_timer_advance
        is disabled (bsc#1149083).
    
      - KVM: x86: Unconditionally enable irqs in guest context
        (bsc#1145396).
    
      - KVM: x86/vPMU: refine kvm_pmu err msg when event
        creation failed (bsc#1145397).
    
      - lan78xx: Fix memory leaks (bsc#1051510).
    
      - libata: add SG safety checks in SFF pio transfers
        (bsc#1051510).
    
      - libata: have ata_scsi_rw_xlat() fail invalid passthrough
        requests (bsc#1051510).
    
      - libceph: allow ceph_buffer_put() to receive a NULL
        ceph_buffer (bsc#1148133).
    
      - libceph: fix PG split vs OSD (re)connect race
        (bsc#1148133).
    
      - libnvdimm/pfn: Store correct value of npfns in namespace
        superblock (bsc#1146381 ltc#180720).
    
      - liquidio: add cleanup in octeon_setup_iq()
        (bsc#1051510).
    
      - loop: set PF_MEMALLOC_NOIO for the worker thread (git
        fixes).
    
      - mac80211: do not warn about CW params when not using
        them (bsc#1051510).
    
      - mac80211: do not WARN on short WMM parameters from AP
        (bsc#1051510).
    
      - mac80211: fix possible memory leak in
        ieee80211_assign_beacon (bsc#1142635).
    
      - mac80211: fix possible sta leak (bsc#1051510).
    
      - md: add mddev->pers to avoid potential NULL pointer
        dereference (git fixes).
    
      - md/raid: raid5 preserve the writeback action after the
        parity check (git fixes).
    
      - media: au0828: fix null dereference in error path
        (bsc#1051510).
    
      - media: pvrusb2: use a different format for warnings
        (bsc#1051510).
    
      - mfd: arizona: Fix undefined behavior (bsc#1051510).
    
      - mfd: core: Set fwnode for created devices (bsc#1051510).
    
      - mfd: hi655x-pmic: Fix missing return value check for
        devm_regmap_init_mmio_clk (bsc#1051510).
    
      - mfd: intel-lpss: Add Intel Comet Lake PCI IDs
        (jsc#SLE-4875).
    
      - mm: add filemap_fdatawait_range_keep_errors()
        (bsc#1148616).
    
      - mmc: cavium: Add the missing dma unmap when the dma has
        finished (bsc#1051510).
    
      - mmc: cavium: Set the correct dma max segment size for
        mmc_host (bsc#1051510).
    
      - mmc: core: Fix init of SD cards reporting an invalid VDD
        range (bsc#1051510).
    
      - mmc: dw_mmc: Fix occasional hang after tuning on eMMC
        (bsc#1051510).
    
      - mmc: sdhci-of-at91: add quirk for broken HS200
        (bsc#1051510).
    
      - mmc: sdhci-pci: Add support for Intel CML
        (jsc#SLE-4875).
    
      - mmc: sdhci-pci: Add support for Intel ICP
        (jsc#SLE-4875).
    
      - mm: do not stall register_shrinker() (bsc#1104902, VM
        Performance).
    
      - mm/hmm: fix bad subpage pointer in try_to_unmap_one
        (bsc#1148202, HMM, VM Functionality).
    
      - mm/hotplug: fix offline undo_isolate_page_range()
        (bsc#1148196, VM Functionality).
    
      - mm/list_lru.c: fix memory leak in
        __memcg_init_list_lru_node (bsc#1148379, VM
        Functionality).
    
      - mm/memcontrol.c: fix use after free in mem_cgroup_iter()
        (bsc#1149224, VM Functionality).
    
      - mm/memory.c: recheck page table entry with page table
        lock held (bsc#1148363, VM Functionality).
    
      - mm/migrate.c: initialize pud_entry in migrate_vma()
        (bsc#1148198, HMM, VM Functionality).
    
      - mm/mlock.c: change count_mm_mlocked_page_nr return type
        (bsc#1148527, VM Functionality).
    
      - mm/mlock.c: mlockall error for flag MCL_ONFAULT
        (bsc#1148527, VM Functionality).
    
      - mm/page_alloc.c: fix calculation of pgdat->nr_zones
        (bsc#1148192, VM Functionality).
    
      - mm: page_mapped: do not assume compound page is huge or
        THP (bsc#1148574, VM Functionality).
    
      - mm, page_owner: handle THP splits correctly
        (bsc#1149197, VM Debugging Functionality).
    
      - mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
        (bsc#1118689).
    
      - mm/vmscan.c: fix trying to reclaim unevictable LRU page
        (bsc#1149214, VM Functionality).
    
      - move a few externs to smbdirect.h to eliminate warning
        (bsc#1144333).
    
      - mpls: fix warning with multi-label encap (bsc#1051510).
    
      - nbd: replace kill_bdev() with __invalidate_device()
        again (git fixes).
    
      - Negotiate and save preferred compression algorithms
        (bsc#1144333).
    
      - net: bcmgenet: use promisc for unsupported filters
        (networking-stable-19_07_25).
    
      - net: bridge: mcast: fix stale ipv6 hdr pointer when
        handling v6 query (networking-stable-19_07_25).
    
      - net: bridge: mcast: fix stale nsrcs pointer in
        igmp3/mld2 report handling (networking-stable-19_07_25).
    
      - net: bridge: stp: do not cache eth dest pointer before
        skb pull (networking-stable-19_07_25).
    
      - net: dsa: mv88e6xxx: wait after reset deactivation
        (networking-stable-19_07_25).
    
      - net: ena: add ethtool function for changing io queue
        sizes (bsc#1139020 bsc#1139021).
    
      - net: ena: add good checksum counter (bsc#1139020
        bsc#1139021).
    
      - net: ena: add handling of llq max tx burst size
        (bsc#1139020 bsc#1139021).
    
      - net: ena: add MAX_QUEUES_EXT get feature admin command
        (bsc#1139020 bsc#1139021).
    
      - net: ena: add newline at the end of pr_err prints
        (bsc#1139020 bsc#1139021).
    
      - net: ena: add support for changing max_header_size in
        LLQ mode (bsc#1139020 bsc#1139021).
    
      - net: ena: allow automatic fallback to polling mode
        (bsc#1139020 bsc#1139021).
    
      - net: ena: allow queue allocation backoff when low on
        memory (bsc#1139020 bsc#1139021).
    
      - net: ena: arrange ena_probe() function variables in
        reverse christmas tree (bsc#1139020 bsc#1139021).
    
      - net: ena: enable negotiating larger Rx ring size
        (bsc#1139020 bsc#1139021).
    
      - net: ena: ethtool: add extra properties retrieval via
        get_priv_flags (bsc#1139020 bsc#1139021).
    
      - net: ena: Fix bug where ring allocation backoff stopped
        too late (bsc#1139020 bsc#1139021).
    
      - net: ena: fix ena_com_fill_hash_function()
        implementation (bsc#1139020 bsc#1139021).
    
      - net: ena: fix: Free napi resources when ena_up() fails
        (bsc#1139020 bsc#1139021).
    
      - net: ena: fix incorrect test of supported hash function
        (bsc#1139020 bsc#1139021).
    
      - net: ena: fix: set freed objects to NULL to avoid
        failing future allocations (bsc#1139020 bsc#1139021).
    
      - net: ena: fix swapped parameters when calling
        ena_com_indirect_table_fill_entry (bsc#1139020
        bsc#1139021).
    
      - net: ena: gcc 8: fix compilation warning (bsc#1139020
        bsc#1139021).
    
      - net: ena: improve latency by disabling adaptive
        interrupt moderation by default (bsc#1139020
        bsc#1139021).
    
      - net: ena: make ethtool show correct current and max
        queue sizes (bsc#1139020 bsc#1139021).
    
      - net: ena: optimise calculations for CQ doorbell
        (bsc#1139020 bsc#1139021).
    
      - net: ena: remove inline keyword from functions in *.c
        (bsc#1139020 bsc#1139021).
    
      - net: ena: replace free_tx/rx_ids union with single
        free_ids field in ena_ring (bsc#1139020 bsc#1139021).
    
      - net: ena: update driver version from 2.0.3 to 2.1.0
        (bsc#1139020 bsc#1139021).
    
      - net: ena: use dev_info_once instead of static variable
        (bsc#1139020 bsc#1139021).
    
      - net: Fix netdev_WARN_ONCE macro (git-fixes).
    
      - net/ibmvnic: Fix missing ( in __ibmvnic_reset
        (bsc#1149652 ltc#179635).
    
      - net/ibmvnic: free reset work of removed device from
        queue (bsc#1149652 ltc#179635).
    
      - net: Introduce netdev_*_once functions
        (networking-stable-19_07_25).
    
      - net: make skb_dst_force return true when dst is
        refcounted (networking-stable-19_07_25).
    
      - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw
        command (bsc#1145678).
    
      - net/mlx5e: IPoIB, Add error path in mlx5_rdma_setup_rn
        (networking-stable-19_07_25).
    
      - net: neigh: fix multiple neigh timer scheduling
        (networking-stable-19_07_25).
    
      - net: openvswitch: fix csum updates for MPLS actions
        (networking-stable-19_07_25).
    
      - netrom: fix a memory leak in nr_rx_frame()
        (networking-stable-19_07_25).
    
      - netrom: hold sock when setting skb->destructor
        (networking-stable-19_07_25).
    
      - net_sched: unset TCQ_F_CAN_BYPASS when adding filters
        (networking-stable-19_07_25).
    
      - net: sched: verify that q!=NULL before setting q->flags
        (git-fixes).
    
      - net: usb: pegasus: fix improper read if get_registers()
        fail (bsc#1051510).
    
      - NFS: Cleanup if nfs_match_client is interrupted
        (bsc#1134291).
    
      - NFS: Fix a double unlock from nfs_match,get_client
        (bsc#1134291).
    
      - NFS: Fix the inode request accounting when pages have
        subrequests (bsc#1140012).
    
      - NFS: make nfs_match_client killable (bsc#1134291).
    
      - nilfs2: do not use unexported
        cpu_to_le32()/le32_to_cpu() in uapi header (git fixes).
    
      - nvme: cancel request synchronously (bsc#1145661).
    
      - nvme: change locking for the per-subsystem controller
        list (bsc#1142541).
    
      - nvme-core: Fix extra device_put() call on error path
        (bsc#1142541).
    
      - nvme-fc: fix module unloads while lports still pending
        (bsc#1150033).
    
      - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN
        (bsc#1146938).
    
      - nvme-multipath: fix ana log nsid lookup when nsid is not
        found (bsc#1141554).
    
      - nvme-multipath: relax ANA state check (bsc#1123105).
    
      - nvme-multipath: revalidate nvme_ns_head gendisk in
        nvme_validate_ns (bsc#1120876).
    
      - nvme: Return BLK_STS_TARGET if the DNR bit is set
        (bsc#1142076).
    
      - objtool: Add rewind_stack_do_exit() to the noreturn list
        (bsc#1145302).
    
      - objtool: Support GCC 9 cold subfunction naming scheme
        (bsc#1145300).
    
      - octeon_mgmt: Fix MIX registers configuration on MTU
        setup (bsc#1051510).
    
      - PCI: PM/ACPI: Refresh all stale power state data in
        pci_pm_complete() (bsc#1149106).
    
      - PCI: Restore Resizable BAR size bits correctly for 1MB
        BARs (bsc#1143841).
    
      - phy: qcom-qusb2: Fix crash if nvmem cell not specified
        (bsc#1051510).
    
      - phy: renesas: rcar-gen2: Fix memory leak at error paths
        (bsc#1051510).
    
      - PM / devfreq: rk3399_dmc: do not print error when get
        supply and clk defer (bsc#1144718,bsc#1144813).
    
      - PM / devfreq: rk3399_dmc: fix spelling mistakes
        (bsc#1144718,bsc#1144813).
    
      - PM / devfreq: rk3399_dmc: Pass ODT and auto power down
        parameters to TF-A (bsc#1144718,bsc#1144813).
    
      - PM / devfreq: rk3399_dmc: remove unneeded semicolon
        (bsc#1144718,bsc#1144813).
    
      - PM / devfreq: rk3399_dmc: remove wait for dcf irq event
        (bsc#1144718,bsc#1144813).
    
      - PM / devfreq: rockchip-dfi: Move GRF definitions to a
        common place (bsc#1144718,bsc#1144813).
    
      - PM / OPP: OF: Use pr_debug() instead of pr_err() while
        adding OPP table (jsc#SLE-7294).
    
      - powerpc/64s: Include cpu header (bsc#1065729).
    
      - powerpc/64s: support nospectre_v2 cmdline option
        (bsc#1131107).
    
      - powerpc: Allow flush_(inval_)dcache_range to work across
        ranges >4GB (bsc#1146575 ltc#180764).
    
      - powerpc/book3s/64: check for NULL pointer in pgd_alloc()
        (bsc#1078248, git-fixes).
    
      - powerpc: dump kernel log before carrying out fadump or
        kdump (bsc#1149940 ltc#179958).
    
      - powerpc/fadump: Do not allow hot-remove memory from
        fadump reserved area (bsc#1120937).
    
      - powerpc/fadump: Reservationless firmware assisted dump
        (bsc#1120937).
    
      - powerpc/fadump: Throw proper error message on fadump
        registration failure (bsc#1120937).
    
      - powerpc/fadump: use kstrtoint to handle sysfs store
        (bsc#1146376).
    
      - powerpc/fadump: when fadump is supported register the
        fadump sysfs files (bsc#1146352).
    
      - powerpc/fsl: Add nospectre_v2 command line argument
        (bsc#1131107).
    
      - powerpc/fsl: Update Spectre v2 reporting (bsc#1131107).
    
      - powerpc/lib: Fix feature fixup test of external branch
        (bsc#1065729).
    
      - powerpc/mm: Handle page table allocation failures
        (bsc#1065729).
    
      - powerpc/perf: Add constraints for power9 l2/l3 bus
        events (bsc#1056686).
    
      - powerpc/perf: Add mem access events to sysfs
        (bsc#1124370).
    
      - powerpc/perf: Cleanup cache_sel bits comment
        (bsc#1056686).
    
      - powerpc/perf: Fix thresholding counter data for unknown
        type (bsc#1056686).
    
      - powerpc/perf: Remove PM_BR_CMPL_ALT from power9 event
        list (bsc#1047238, bsc#1056686).
    
      - powerpc/perf: Update perf_regs structure to include SIER
        (bsc#1056686).
    
      - powerpc/powernv: Flush console before platform error
        reboot (bsc#1149940 ltc#179958).
    
      - powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of
        numbers in interrupt handler (bsc#1065729).
    
      - powerpc/powernv: Return for invalid IMC domain
        (bsc1054914, git-fixes).
    
      - powerpc/powernv: Use kernel crash path for machine
        checks (bsc#1149940 ltc#179958).
    
      - powerpc/pseries: add missing cpumask.h include file
        (bsc#1065729).
    
      - powerpc/pseries: correctly track irq state in default
        idle (bsc#1150727 ltc#178925).
    
      - powerpc/pseries, ps3: panic flush kernel messages before
        halting system (bsc#1149940 ltc#179958).
    
      - powerpc/rtas: use device model APIs and serialization
        during LPM (bsc#1144123 ltc#178840).
    
      - powerpc/security: Show powerpc_security_features in
        debugfs (bsc#1131107).
    
      - powerpc/xive: Fix dump of XIVE interrupt under pseries
        (bsc#1142019).
    
      - powerpc/xive: Fix loop exit-condition in
        xive_find_target_in_mask() (bsc#1085030, bsc#1145189,
        LTC#179762).
    
      - powerpc/xmon: Add a dump of all XIVE interrupts
        (bsc#1142019).
    
      - powerpc/xmon: Check for HV mode when dumping XIVE info
        from OPAL (bsc#1142019).
    
      - qede: fix write to free'd pointer error and double free
        of ptp (bsc#1051510).
    
      - regulator: qcom_spmi: Fix math of
        spmi_regulator_set_voltage_time_sel (bsc#1051510).
    
      - Remove ifdef since SMB3 (and later) now STRONGLY
        preferred (bsc#1051510, bsc#1144333).
    
      - Revert 'Bluetooth: validate BLE connection interval
        updates' (bsc#1051510).
    
      - Revert 'cfg80211: fix processing world regdomain when
        non modular' (bsc#1051510).
    
      - Revert 'dm bufio: fix deadlock with loop device' (git
        fixes).
    
      - Revert i915 userptr page lock patch (bsc#1145051) 
    
      - Revert 'net: ena: ethtool: add extra properties
        retrieval via get_priv_flags' (bsc#1139020 bsc#1139021).
    
      - Revert
        patches.suse/0001-blk-wbt-Avoid-lock-contention-and-thun
        dering-herd-is.patch (bsc#1141543) 
    
      - rpm/kernel-binary.spec.in: Enable missing modules check.
    
      - rpmsg: added MODULE_ALIAS for rpmsg_char (bsc#1051510).
    
      - rpmsg: smd: do not use mananged resources for endpoints
        and channels (bsc#1051510).
    
      - rpmsg: smd: fix memory leak on channel create
        (bsc#1051510).
    
      - rsi: improve kernel thread handling to fix kernel panic
        (bsc#1051510).
    
      - rslib: Fix decoding of shortened codes (bsc#1051510).
    
      - rslib: Fix handling of of caller provided syndrome
        (bsc#1051510).
    
      - rtc: pcf8523: do not return invalid date when battery is
        low (bsc#1051510).
    
      - rxrpc: Fix send on a connected, but unbound socket
        (networking-stable-19_07_25).
    
      - s390/cio: fix ccw_device_start_timeout API (bsc#1142109
        LTC#179339).
    
      - s390/dasd: fix endless loop after read unit address
        configuration (bsc#1144912 LTC#179907).
    
      - s390/qeth: avoid control IO completion stalls
        (bsc#1142109 LTC#179339).
    
      - s390/qeth: cancel cmd on early error (bsc#1142109
        LTC#179339).
    
      - s390/qeth: fix request-side race during cmd IO timeout
        (bsc#1142109 LTC#179339).
    
      - s390/qeth: release cmd buffer in error paths
        (bsc#1142109 LTC#179339).
    
      - s390/qeth: simplify reply object handling (bsc#1142109
        LTC#179339).
    
      - samples, bpf: fix to change the buffer size for read()
        (bsc#1051510).
    
      - samples: mei: use /dev/mei0 instead of /dev/mei
        (bsc#1051510).
    
      - sched/fair: Do not free p->numa_faults with concurrent
        readers (bsc#1144920).
    
      - sched/fair: Use RCU accessors consistently for
        ->numa_group (bsc#1144920).
    
      - scripts/checkstack.pl: Fix arm64 wrong or unknown
        architecture (bsc#1051510).
    
      - scripts/decode_stacktrace: only strip base path when a
        prefix of the path (bsc#1051510).
    
      - scripts/decode_stacktrace.sh: prefix addr2line with
        $CROSS_COMPILE (bsc#1051510).
    
      - scripts/gdb: fix lx-version string output (bsc#1051510).
    
      - scripts/git_sort/git_sort.py :
    
      - scsi: aacraid: Fix missing break in switch statement
        (git-fixes).
    
      - scsi: aacraid: Fix performance issue on logical drives
        (git-fixes).
    
      - scsi: aic94xx: fix an error code in aic94xx_init()
        (git-fixes).
    
      - scsi: aic94xx: fix module loading (git-fixes).
    
      - scsi: bfa: convert to strlcpy/strlcat (git-fixes).
    
      - scsi: bnx2fc: fix incorrect cast to u64 on shift
        operation (git-fixes).
    
      - scsi: bnx2fc: Fix NULL dereference in error handling
        (git-fixes).
    
      - scsi: core: Fix race on creating sense cache
        (git-fixes).
    
      - scsi: core: set result when the command cannot be
        dispatched (git-fixes).
    
      - scsi: core: Synchronize request queue PM status only on
        successful resume (git-fixes).
    
      - scsi: cxlflash: Mark expected switch fall-throughs
        (bsc#1148868).
    
      - scsi: cxlflash: Prevent deadlock when adapter probe
        fails (git-fixes).
    
      - scsi: esp_scsi: Track residual for PIO transfers
        (git-fixes) Also, mitigate kABI changes.
    
      - scsi: fas216: fix sense buffer initialization
        (git-fixes).
    
      - scsi: isci: initialize shost fully before calling
        scsi_add_host() (git-fixes).
    
      - scsi: libfc: fix NULL pointer dereference on a null
        lport (git-fixes).
    
      - scsi: libsas: delete sas port if expander discover
        failed (git-fixes).
    
      - scsi: libsas: Fix rphy phy_identifier for PHYs with end
        devices attached (git-fixes).
    
      - scsi: mac_scsi: Fix pseudo DMA implementation, take 2
        (git-fixes).
    
      - scsi: mac_scsi: Increase PIO/PDMA transfer length
        threshold (git-fixes).
    
      - scsi: megaraid: fix out-of-bound array accesses
        (git-fixes).
    
      - scsi: megaraid_sas: Fix calculation of target ID
        (git-fixes).
    
      - scsi: NCR5380: Always re-enable reselection interrupt
        (git-fixes).
    
      - scsi: qedf: Add debug information for unsolicited
        processing (bsc#1149976).
    
      - scsi: qedf: Add shutdown callback handler (bsc#1149976).
    
      - scsi: qedf: Add support for 20 Gbps speed (bsc#1149976).
    
      - scsi: qedf: Check both the FCF and fabric ID before
        servicing clear virtual link (bsc#1149976).
    
      - scsi: qedf: Check for link state before processing LL2
        packets and send fipvlan retries (bsc#1149976).
    
      - scsi: qedf: Check for module unloading bit before
        processing link update AEN (bsc#1149976).
    
      - scsi: qedf: Decrease the LL2 MTU size to 2500
        (bsc#1149976).
    
      - scsi: qedf: Fix race betwen fipvlan request and response
        path (bsc#1149976).
    
      - scsi: qedf: Initiator fails to re-login to switch after
        link down (bsc#1149976).
    
      - scsi: qedf: Print message during bailout conditions
        (bsc#1149976).
    
      - scsi: qedf: remove memset/memcpy to nfunc and use func
        instead (git-fixes).
    
      - scsi: qedf: remove set but not used variables
        (bsc#1149976).
    
      - scsi: qedf: Stop sending fipvlan request on unload
        (bsc#1149976).
    
      - scsi: qedf: Update module description string
        (bsc#1149976).
    
      - scsi: qedf: Update the driver version to 8.37.25.20
        (bsc#1149976).
    
      - scsi: qedf: Update the version to 8.42.3.0
        (bsc#1149976).
    
      - scsi: qedf: Use discovery list to traverse rports
        (bsc#1149976).
    
      - scsi: qedi: remove declaration of nvm_image from stack
        (git-fixes).
    
      - scsi: qla2xxx: Add cleanup for PCI EEH recovery
        (bsc#1129424).
    
      - scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts
        memory (git-fixes).
    
      - scsi: qla2xxx: Fix a format specifier (git-fixes).
    
      - scsi: qla2xxx: Fix an endian bug in
        fcpcmd_is_corrupted() (git-fixes).
    
      - scsi: qla2xxx: Fix device staying in blocked state
        (git-fixes).
    
      - scsi: qla2xxx: Fix error handling in
        qlt_alloc_qfull_cmd() (git-fixes).
    
      - scsi: qla2xxx: Unregister chrdev if module
        initialization fails (git-fixes).
    
      - scsi: qla2xxx: Update two source code comments
        (git-fixes).
    
      - scsi: qla4xxx: avoid freeing unallocated dma memory
        (git-fixes).
    
      - scsi: raid_attrs: fix unused variable warning
        (git-fixes).
    
      - scsi: scsi_dh_alua: Fix possible null-ptr-deref
        (git-fixes).
    
      - scsi: sd: Defer spinning up drive while SANITIZE is in
        progress (git-fixes).
    
      - scsi: sd: Fix a race between closing an sd device and sd
        I/O (git-fixes).
    
      - scsi: sd: Fix cache_type_store() (git-fixes).
    
      - scsi: sd: Optimal I/O size should be a multiple of
        physical block size (git-fixes).
    
      - scsi: sd: Quiesce warning if device does not report
        optimal I/O size (git-fixes).
    
      - scsi: sd: use mempool for discard special page
        (git-fixes).
    
      - scsi: sd_zbc: Fix potential memory leak (git-fixes).
    
      - scsi: smartpqi: unlock on error in
        pqi_submit_raid_request_synchronous() (git-fixes).
    
      - scsi: sr: Avoid that opening a CD-ROM hangs with runtime
        power management enabled (git-fixes).
    
      - scsi: ufs: Avoid runtime suspend possibly being blocked
        forever (git-fixes).
    
      - scsi: ufs: Check that space was properly alloced in
        copy_query_response (git-fixes).
    
      - scsi: ufs: Fix NULL pointer dereference in
        ufshcd_config_vreg_hpm() (git-fixes).
    
      - scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
        (git-fixes).
    
      - scsi: ufs: fix wrong command type of UTRD for UFSHCI
        v2.1 (git-fixes).
    
      - scsi: use dma_get_cache_alignment() as minimum DMA
        alignment (git-fixes).
    
      - scsi: virtio_scsi: do not send sc payload with tmfs
        (git-fixes).
    
      - signal/cifs: Fix cifs_put_tcp_session to call send_sig
        instead of force_sig (bsc#1144333).
    
      - sis900: fix TX completion (bsc#1051510).
    
      - smb2: fix missing files in root share directory listing
        (bsc#1112907, bsc#1144333).
    
      - smb2: fix typo in definition of a few error flags
        (bsc#1144333).
    
      - smb2: fix uninitialized variable bug in
        smb2_ioctl_query_info (bsc#1144333).
    
      - smb3.1.1: Add GCM crypto to the encrypt and decrypt
        functions (bsc#1144333).
    
      - smb3.1.1 dialect is no longer experimental (bsc#1051510,
        bsc#1144333).
    
      - smb311: Fix reconnect (bsc#1051510, bsc#1144333).
    
      - smb311: Improve checking of negotiate security contexts
        (bsc#1051510, bsc#1144333).
    
      - smb3.11: replace a 4 with
        server->vals->header_preamble_size (bsc#1144333).
    
      - smb3: add additional ftrace entry points for entry/exit
        to cifs.ko (bsc#1144333).
    
      - smb3: add credits we receive from oplock/break PDUs
        (bsc#1144333).
    
      - smb3: add debug for unexpected mid cancellation
        (bsc#1144333).
    
      - smb3: Add debug message later in smb2/smb3 reconnect
        path (bsc#1144333).
    
      - smb3: add define for id for posix create context and
        corresponding struct (bsc#1144333).
    
      - smb3: Add defines for new negotiate contexts
        (bsc#1144333).
    
      - smb3: add dynamic trace point for query_info_enter/done
        (bsc#1144333).
    
      - smb3: add dynamic trace point for smb3_cmd_enter
        (bsc#1144333).
    
      - smb3: add dynamic tracepoint for timeout waiting for
        credits (bsc#1144333).
    
      - smb3: add dynamic tracepoints for simple fallocate and
        zero range (bsc#1144333).
    
      - smb3: Add dynamic trace points for various compounded
        smb3 ops (bsc#1144333).
    
      - smb3: Add ftrace tracepoints for improved SMB3 debugging
        (bsc#1144333).
    
      - smb3: Add handling for different FSCTL access flags
        (bsc#1144333).
    
      - smb3: add missing read completion trace point
        (bsc#1144333).
    
      - smb3: add module alias for smb3 to cifs.ko
        (bsc#1144333).
    
      - smb3: add new mount option to retrieve mode from special
        ACE (bsc#1144333).
    
      - smb3: Add posix create context for smb3.11 posix mounts
        (bsc#1144333).
    
      - smb3: Add protocol structs for change notify support
        (bsc#1144333).
    
      - smb3: add reconnect tracepoints (bsc#1144333).
    
      - smb3: Add SMB3.1.1 GCM to negotiated crypto algorigthms
        (bsc#1144333).
    
      - smb3: add smb3.1.1 to default dialect list
        (bsc#1144333).
    
      - smb3: Add support for multidialect negotiate (SMB2.1 and
        later) (bsc#1051510, bsc#1144333).
    
      - smb3: add support for posix negotiate context
        (bsc#1144333).
    
      - smb3: add support for statfs for smb3.1.1 posix
        extensions (bsc#1144333).
    
      - smb3: add tracepoint for sending lease break responses
        to server (bsc#1144333).
    
      - smb3: add tracepoint for session expired or deleted
        (bsc#1144333).
    
      - smb3: add tracepoint for slow responses (bsc#1144333).
    
      - smb3: add trace point for tree connection (bsc#1144333).
    
      - smb3: add tracepoints for query dir (bsc#1144333).
    
      - smb3: Add tracepoints for read, write and query_dir
        enter (bsc#1144333).
    
      - smb3: add tracepoints for smb2/smb3 open (bsc#1144333).
    
      - smb3: add tracepoint to catch cases where credit refund
        of failed op overlaps reconnect (bsc#1144333).
    
      - smb3: add way to control slow response threshold for
        logging and stats (bsc#1144333).
    
      - smb3: allow more detailed protocol info on open files
        for debugging (bsc#1144333).
    
      - smb3: Allow persistent handle timeout to be configurable
        on mount (bsc#1144333).
    
      - smb3: allow posix mount option to enable new SMB311
        protocol extensions (bsc#1144333).
    
      - smb3: allow previous versions to be mounted with
        snapshot= mount parm (bsc#1144333).
    
      - smb3: Allow query of symlinks stored as reparse points
        (bsc#1144333).
    
      - smb3: Allow SMB3 FSCTL queries to be sent to server from
        tools (bsc#1144333).
    
      - smb3: allow stats which track session and share
        reconnects to be reset (bsc#1051510, bsc#1144333).
    
      - smb3: Backup intent flag missing for directory opens
        with backupuid mounts (bsc#1051510, bsc#1144333).
    
      - smb3: Backup intent flag missing from compounded ops
        (bsc#1144333).
    
      - smb3: check for and properly advertise directory lease
        support (bsc#1051510, bsc#1144333).
    
      - smb3 clean up debug output displaying network interfaces
        (bsc#1144333).
    
      - smb3: Cleanup license mess (bsc#1144333).
    
      - smb3: Clean up query symlink when reparse point
        (bsc#1144333).
    
      - smb3: create smb3 equivalent alias for cifs
        pseudo-xattrs (bsc#1144333).
    
      - smb3: directory sync should not return an error
        (bsc#1051510, bsc#1144333).
    
      - smb3: display bytes_read and bytes_written in smb3 stats
        (bsc#1144333).
    
      - smb3: display security information in
        /proc/fs/cifs/DebugData more accurately (bsc#1144333).
    
      - smb3: display session id in debug data (bsc#1144333).
    
      - smb3: display stats counters for number of slow commands
        (bsc#1144333).
    
      - smb3: display volume serial number for shares in
        /proc/fs/cifs/DebugData (bsc#1144333).
    
      - smb3: do not allow insecure cifs mounts when using smb3
        (bsc#1144333).
    
      - smb3: do not attempt cifs operation in smb3 query info
        error path (bsc#1051510, bsc#1144333).
    
      - smb3: do not display confusing message on mount to Azure
        servers (bsc#1144333).
    
      - smb3: do not display empty interface list (bsc#1144333).
    
      - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags
        (bsc#1085536, bsc#1144333).
    
      - smb3: do not request leases in symlink creation and
        query (bsc#1051510, bsc#1144333).
    
      - smb3: do not send compression info by default
        (bsc#1144333).
    
      - smb3: Do not send SMB3 SET_INFO if nothing changed
        (bsc#1051510, bsc#1144333).
    
      - smb3: enumerating snapshots was leaving part of the data
        off end (bsc#1051510, bsc#1144333).
    
      - smb3: fill in statfs fsid and correct namelen
        (bsc#1112905, bsc#1144333).
    
      - smb3: Fix 3.11 encryption to Windows and handle
        encrypted smb3 tcon (bsc#1051510, bsc#1144333).
    
      - smb3: fix bytes_read statistics (bsc#1144333).
    
      - smb3: fix corrupt path in subdirs on smb311 with posix
        (bsc#1144333).
    
      - smb3: Fix deadlock in validate negotiate hits reconnect
        (bsc#1144333).
    
      - smb3: Fix endian warning (bsc#1144333, bsc#1137884).
    
      - smb3: Fix enumerating snapshots to Azure (bsc#1144333).
    
      - smb3: fix large reads on encrypted connections
        (bsc#1144333).
    
      - smb3: fix lease break problem introduced by compounding
        (bsc#1144333).
    
      - smb3: Fix length checking of SMB3.11 negotiate request
        (bsc#1051510, bsc#1144333).
    
      - smb3: fix minor debug output for CONFIG_CIFS_STATS
        (bsc#1144333).
    
      - smb3: Fix mode on mkdir on smb311 mounts (bsc#1144333).
    
      - smb3: Fix potential memory leak when processing compound
        chain (bsc#1144333).
    
      - smb3: fix redundant opens on root (bsc#1144333).
    
      - smb3: fix reset of bytes read and written stats
        (bsc#1112906, bsc#1144333).
    
      - smb3: Fix rmdir compounding regression to strict servers
        (bsc#1144333).
    
      - smb3: Fix root directory when server returns inode
        number of zero (bsc#1051510, bsc#1144333).
    
      - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510,
        bsc#1144333).
    
      - smb3: fix various xid leaks (bsc#1051510, bsc#1144333).
    
      - smb3: for kerberos mounts display the credential uid
        used (bsc#1144333).
    
      - smb3: handle new statx fields (bsc#1085536,
        bsc#1144333).
    
      - smb3: if max_credits is specified then display it in
        /proc/mounts (bsc#1144333).
    
      - smb3: if server does not support posix do not allow
        posix mount option (bsc#1144333).
    
      - smb3: improve dynamic tracing of open and posix mkdir
        (bsc#1144333).
    
      - smb3: increase initial number of credits requested to
        allow write (bsc#1144333).
    
      - smb3: Kernel oops mounting a encryptData share with
        CONFIG_DEBUG_VIRTUAL (bsc#1144333).
    
      - smb3: Log at least once if tree connect fails during
        reconnect (bsc#1144333).
    
      - smb3: make default i/o size for smb3 mounts larger
        (bsc#1144333).
    
      - smb3: minor cleanup of compound_send_recv (bsc#1144333).
    
      - smb3: minor debugging clarifications in rfc1001 len
        processing (bsc#1144333).
    
      - smb3: minor missing defines relating to reparse points
        (bsc#1144333).
    
      - smb3: missing defines and structs for reparse point
        handling (bsc#1144333).
    
      - smb3: note that smb3.11 posix extensions mount option is
        experimental (bsc#1144333).
    
      - smb3: Number of requests sent should be displayed for
        SMB3 not just CIFS (bsc#1144333).
    
      - smb3: on kerberos mount if server does not specify auth
        type use krb5 (bsc#1051510, bsc#1144333).
    
      - smb3: on reconnect set PreviousSessionId field
        (bsc#1112899, bsc#1144333).
    
      - smb3: optimize open to not send query file internal info
        (bsc#1144333).
    
      - smb3: passthru query info does not check for SMB3 FSCTL
        passthru (bsc#1144333).
    
      - smb3: print tree id in debugdata in proc to be able to
        help logging (bsc#1144333).
    
      - smb3: query inode number on open via create context
        (bsc#1144333).
    
      - smb3: remove noisy warning message on mount
        (bsc#1129664, bsc#1144333).
    
      - smb3: remove per-session operations from per-tree
        connection stats (bsc#1144333).
    
      - smb3: rename encryption_required to
        smb3_encryption_required (bsc#1144333).
    
      - smb3: request more credits on normal (non-large
        read/write) ops (bsc#1144333).
    
      - smb3: request more credits on tree connect
        (bsc#1144333).
    
      - smb3: retry on STATUS_INSUFFICIENT_RESOURCES instead of
        failing write (bsc#1144333).
    
      - smb3: send backup intent on compounded query info
        (bsc#1144333).
    
      - smb3: send CAP_DFS capability during session setup
        (bsc#1144333).
    
      - smb3: Send netname context during negotiate protocol
        (bsc#1144333).
    
      - smb3: show number of current open files in
        /proc/fs/cifs/Stats (bsc#1144333).
    
      - smb3: simplify code by removing CONFIG_CIFS_SMB311
        (bsc#1051510, bsc#1144333).
    
      - smb3: smbdirect no longer experimental (bsc#1144333).
    
      - smb3: snapshot mounts are read-only and make sure info
        is displayable about the mount (bsc#1144333).
    
      - smb3: track the instance of each session for debugging
        (bsc#1144333).
    
      - smb3: Track total time spent on roundtrips for each SMB3
        command (bsc#1144333).
    
      - smb3: trivial cleanup to smb2ops.c (bsc#1144333).
    
      - smb3: update comment to clarify enumerating snapshots
        (bsc#1144333).
    
      - smb3: update default requested iosize to 4MB from 1MB
        for recent dialects (bsc#1144333).
    
      - smb3: Update POSIX negotiate context with POSIX ctxt
        GUID (bsc#1144333).
    
      - smb3: Validate negotiate request must always be signed
        (bsc#1064597, bsc#1144333).
    
      - smb3: Warn user if trying to sign connection that
        authenticated as guest (bsc#1085536, bsc#1144333).
    
      - smbd: Make upper layer decide when to destroy the
        transport (bsc#1144333).
    
      - smb: fix leak of validate negotiate info response buffer
        (bsc#1064597, bsc#1144333).
    
      - smb: fix validate negotiate info uninitialised memory
        use (bsc#1064597, bsc#1144333).
    
      - smb: Validate negotiate (to protect against downgrade)
        even if signing off (bsc#1085536, bsc#1144333).
    
      - smpboot: Place the __percpu annotation correctly (git
        fixes).
    
      - soc: rockchip: power-domain: Add a sanity check on
        pd->num_clks (bsc#1144718,bsc#1144813).
    
      - soc: rockchip: power-domain: use clk_bulk APIs
        (bsc#1144718,bsc#1144813).
    
      - soc: rockchip: power-domain: Use
        of_clk_get_parent_count() instead of open coding
        (bsc#1144718,bsc#1144813).
    
      - sound: fix a memory leak bug (bsc#1051510).
    
      - spi: bcm2835aux: fix corruptions for longer spi
        transfers (bsc#1051510).
    
      - spi: bcm2835aux: remove dangerous uncontrolled read of
        fifo (bsc#1051510).
    
      - spi: bcm2835aux: unifying code between polling and
        interrupt driven code (bsc#1051510).
    
      - st21nfca_connectivity_event_received: null check the
        allocation (bsc#1051510).
    
      - staging: comedi: dt3000: Fix rounding up of timer
        divisor (bsc#1051510).
    
      - staging: comedi: dt3000: Fix signed integer overflow
        'divider * base' (bsc#1051510).
    
      - st_nci_hci_connectivity_event_received: null check the
        allocation (bsc#1051510).
    
      - supported.conf: Add missing modules (bsc#1066369).
    
      - tcp: Reset bytes_acked and bytes_received when
        disconnecting (networking-stable-19_07_25).
    
      - test_firmware: fix a memory leak bug (bsc#1051510).
    
      - tpm: Fix off-by-one when reading
        binary_bios_measurements (bsc#1082555).
    
      - tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM
        operations (bsc#1082555).
    
      - tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is
        incomplete (bsc#1082555).
    
      - tpm: Unify the send callback behaviour (bsc#1082555).
    
      - tpm: vtpm_proxy: Suppress error logging when in closed
        state (bsc#1082555).
    
      - Tree connect for SMB3.1.1 must be signed for
        non-encrypted shares (bsc#1051510, bsc#1144333).
    
      - treewide: Replace GPLv2 boilerplate/reference with SPDX
        - rule 231 (bsc#1144333).
    
      - udf: Fix incorrect final NOT_ALLOCATED (hole) extent
        length (bsc#1148617).
    
      - Update config files. (bsc#1145687) Add the following
        kernel config to ARM64: CONFIG_ACPI_PCI_SLOT=y
        CONFIG_HOTPLUG_PCI_ACPI=y
    
      - Update config files. - cifs: add CONFIG_CIFS_DEBUG_KEYS
        to dump encryption keys (bsc#1144333).
    
      - Update config files. - cifs: allow disabling insecure
        dialects in the config (bsc#1144333).
    
      - Update config files. - cifs: SMBD: Introduce kernel
        config option CONFIG_CIFS_SMB_DIRECT (bsc#1144333).
    
      - update internal version number for cifs.ko
        (bsc#1144333).
    
      - Update
        patches.fixes/MD-fix-invalid-stored-role-for-a-disk-try2
        .patch (bsc#1143765).
    
      - Update
        patches.suse/ceph-remove-request-from-waiting-list-befor
        e-unregister.patch (bsc#1148133 bsc#1138539).
    
      - Update session and share information displayed for
        debugging SMB2/SMB3 (bsc#1144333).
    
      - Update version of cifs module (bsc#1144333).
    
      - usb: cdc-acm: make sure a refcount is taken early enough
        (bsc#1142635).
    
      - usb: CDC: fix sanity checks in CDC union parser
        (bsc#1142635).
    
      - usb: cdc-wdm: fix race between write and disconnect due
        to flag abuse (bsc#1051510).
    
      - usb: chipidea: udc: do not do hardware access if gadget
        has stopped (bsc#1051510).
    
      - usb: core: Fix races in character device registration
        and deregistraion (bsc#1051510).
    
      - usb: gadget: composite: Clear 'suspended' on
        reset/disconnect (bsc#1051510).
    
      - usb: gadget: udc: renesas_usb3: Fix sysfs interface of
        'role' (bsc#1142635).
    
      - usb: host: fotg2: restart hcd after port reset
        (bsc#1051510).
    
      - usb: host: ohci: fix a race condition between shutdown
        and irq (bsc#1051510).
    
      - usb: host: xhci-rcar: Fix timeout in xhci_suspend()
        (bsc#1051510).
    
      - usb: host: xhci: rcar: Fix typo in compatible string
        matching (bsc#1051510).
    
      - usb: iowarrior: fix deadlock on disconnect
        (bsc#1051510).
    
      - usb: serial: option: add D-Link DWM-222 device ID
        (bsc#1051510).
    
      - usb: serial: option: Add Motorola modem UARTs
        (bsc#1051510).
    
      - usb: serial: option: Add support for ZTE MF871A
        (bsc#1051510).
    
      - usb: serial: option: add the BroadMobi BM818 card
        (bsc#1051510).
    
      - usb-storage: Add new JMS567 revision to unusual_devs
        (bsc#1051510).
    
      - usb: storage: ums-realtek: Update module parameter
        description for auto_delink_en (bsc#1051510).
    
      - usb: storage: ums-realtek: Whitelist auto-delink support
        (bsc#1051510).
    
      - usb: usbfs: fix double-free of usb memory upon submiturb
        error (bsc#1051510).
    
      - usb: yurex: Fix use-after-free in yurex_delete
        (bsc#1051510).
    
      - vfs: fix page locking deadlocks when deduping files
        (bsc#1148619).
    
      - VMCI: Release resource if the work is already queued
        (bsc#1051510).
    
      - vrf: make sure skb->data contains ip header to make
        routing (networking-stable-19_07_25).
    
      - watchdog: bcm2835_wdt: Fix module autoload
        (bsc#1051510).
    
      - watchdog: core: fix NULL pointer dereference when
        releasing cdev (bsc#1051510).
    
      - watchdog: f71808e_wdt: fix F81866 bit operation
        (bsc#1051510).
    
      - watchdog: fix compile time error of pretimeout governors
        (bsc#1051510).
    
      - wimax/i2400m: fix a memory leak bug (bsc#1051510).
    
      - x86/boot: Fix memory leak in default_get_smp_config()
        (bsc#1114279).
    
      - x86/entry/64/compat: Fix stack switching for XEN PV
        (bsc#1108382).
    
      - x86/microcode: Fix the microcode load on CPU hotplug for
        real (bsc#1114279).
    
      - x86/mm: Check for pfn instead of page in
        vmalloc_sync_one() (bsc#1118689).
    
      - x86/mm: Sync also unmappings in vmalloc_sync_all()
        (bsc#1118689).
    
      - x86/speculation: Allow guests to use SSBD even if host
        does not (bsc#1114279).
    
      - x86/speculation/mds: Apply more accurate check on
        hypervisor platform (bsc#1114279).
    
      - x86/unwind: Add hardcoded ORC entry for NULL
        (bsc#1114279).
    
      - x86/unwind: Handle NULL pointer calls better in frame
        unwinder (bsc#1114279).
    
      - xen/swiotlb: fix condition for calling
        xen_destroy_contiguous_region() (bsc#1065600).
    
      - xfrm: Fix bucket count reported to userspace
        (bsc#1143300).
    
      - xfrm: Fix error return code in xfrm_output_one()
        (bsc#1143300).
    
      - xfrm: Fix NULL pointer dereference in xfrm_input when
        skb_dst_force clears the dst_entry (bsc#1143300).
    
      - xfrm: Fix NULL pointer dereference when skb_dst_force
        clears the dst_entry (bsc#1143300).
    
      - xfs: do not crash on null attr fork xfs_bmapi_read
        (bsc#1148035).
    
      - xfs: do not trip over uninitialized buffer on extent
        read of corrupted inode (bsc#1149053).
    
      - xfs: dump transaction usage details on log reservation
        overrun (bsc#1145235).
    
      - xfs: eliminate duplicate icreate tx reservation
        functions (bsc#1145235).
    
      - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize
        fails due to EDQUOT (bsc#1148032).
    
      - xfs: fix semicolon.cocci warnings (bsc#1145235).
    
      - xfs: fix up agi unlinked list reservations
        (bsc#1145235).
    
      - xfs: include an allocfree res for inobt modifications
        (bsc#1145235).
    
      - xfs: include inobt buffers in ifree tx log reservation
        (bsc#1145235).
    
      - xfs: print transaction log reservation on overrun
        (bsc#1145235).
    
      - xfs: refactor inode chunk alloc/free tx reservation
        (bsc#1145235).
    
      - xfs: refactor xlog_cil_insert_items() to facilitate
        transaction dump (bsc#1145235).
    
      - xfs: remove more ondisk directory corruption asserts
        (bsc#1148034).
    
      - xfs: separate shutdown from ticket reservation print
        helper (bsc#1145235).
    
      - xfs: truncate transaction does not modify the inobt
        (bsc#1145235)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://acl.bestbits.at"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.kernel.org/show_bug.cgi?id=202935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1060662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064701"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066369"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071306"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085030"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085536"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1087092"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1090734"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112894"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112905"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112906"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120937"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1139021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140012"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142019"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142109"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143300"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143765"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144123"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145300"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145395"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145920"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145937"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145941"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146425"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146514"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146547"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148198"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148202"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148617"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148859"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1148868"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149083"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149214"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149522"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149612"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150025"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150861"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150933"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-debugsource-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-debug-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-debugsource-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-default-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-devel-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-docs-html-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-debugsource-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-macros-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-build-debugsource-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-obs-qa-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-source-vanilla-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-syms-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-debugsource-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-4.12.14-lp150.12.73.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.73.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1940.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id129505
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129505
    titleDebian DLA-1940-1 : linux-4.9 security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1940-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129505);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/23");
    
      script_cve_id("CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15902");
    
      script_name(english:"Debian DLA-1940-1 : linux-4.9 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
    CVE-2019-14821
    
    Matt Delco reported a race condition in KVM's coalesced MMIO facility,
    which could lead to out-of-bounds access in the kernel. A local
    attacker permitted to access /dev/kvm could use this to cause a denial
    of service (memory corruption or crash) or possibly for privilege
    escalation.
    
    CVE-2019-14835
    
    Peter Pi of Tencent Blade Team discovered a missing bounds check in
    vhost_net, the network back-end driver for KVM hosts, leading to a
    buffer overflow when the host begins live migration of a VM. An
    attacker in control of a VM could use this to cause a denial of
    service (memory corruption or crash) or possibly for privilege
    escalation on the host.
    
    CVE-2019-15117
    
    Hui Peng and Mathias Payer reported a missing bounds check in the
    usb-audio driver's descriptor parsing code, leading to a buffer
    over-read. An attacker able to add USB devices could possibly use this
    to cause a denial of service (crash).
    
    CVE-2019-15118
    
    Hui Peng and Mathias Payer reported unbounded recursion in the
    usb-audio driver's descriptor parsing code, leading to a stack
    overflow. An attacker able to add USB devices could use this to cause
    a denial of service (memory corruption or crash) or possibly for
    privilege escalation. On the amd64 architecture this is mitigated by a
    guard page on the kernel stack, so that it is only possible to cause a
    crash.
    
    CVE-2019-15902
    
    Brad Spengler reported that a backporting error reintroduced a
    spectre-v1 vulnerability in the ptrace subsystem in the
    ptrace_get_debugreg() function.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    4.9.189-3+deb9u1~deb8u1.
    
    We recommend that you upgrade your linux-4.9 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/linux-4.9"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-arm", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-doc-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armel", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-armhf", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-all-i386", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-common-rt", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-armmp-lpae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-marvell", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-kbuild-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-manual-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-perf-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-source-4.9", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-support-4.9.0-0.bpo.7", reference:"4.9.189-3+deb9u1~deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4162-1.NASL
    descriptionIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130151
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130151
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4162-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4163-1.NASL
    descriptionIt was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130152
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130152
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4163-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2181.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516 bnc#1146512 bnc#1146514) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-09-25
    plugin id129345
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129345
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2181)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1930.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10905 A race condition was discovered in the GFS2 file-system implementation, which could lead to a use-after-free. On a system using GFS2, a local attacker could use this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-9506 Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the
    last seen2020-06-01
    modified2020-06-02
    plugin id129361
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129361
    titleDebian DLA-1930-1 : linux security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2201.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in netetlink/genetlink.c.(CVE-2019-15921)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130663
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130663
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2738-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-23
    plugin id130163
    published2019-10-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130163
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2738-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1186.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.(CVE-2012-3400)The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164)The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.(CVE-2013-2206)The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.(CVE-2013-6282)An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.(CVE-2018-20836)The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)A n issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.(CVE-2019-11810)An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.(CVE-2019-11811)A flaw was found in the Linux kernel
    last seen2020-05-03
    modified2020-03-11
    plugin id134387
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134387
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2648-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-14
    plugin id129845
    published2019-10-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129845
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4531.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-14821 Matt Delco reported a race condition in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id129306
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129306
    titleDebian DSA-4531-1 : linux - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2414-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129156
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129156
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2299-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id128542
    published2019-09-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128542
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2424-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#326869: perf: pmu mem_load/store event support fate#327380: KVM: Add hardware CPU Model - kernel part fate#327377: KVM: Support for configurable virtio-crypto fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel enablement The following security bugs were fixed: CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129157
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129157
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-311-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-11-08
    plugin id130751
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130751
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2412-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#322438: Integrate P9 XIVE support (on PowerVM only) fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129154
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129154
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2274.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.(CVE-2018-13094)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.(CVE-2018-9363)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130736
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130736
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)

References