Vulnerabilities > CVE-2019-15916 - Memory Leak vulnerability in Linux Kernel

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
linux
CWE-401
nessus

Summary

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

Vulnerable Configurations

Part | Description | Count
OS | Linux | 1951

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-5532.NASL
    description: Description of changes: [2.6.39-400.319.1.el6uek] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133663
    published: 2020-02-13
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133663
    title: Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2020-5532.
    #
    
    include("compat.inc");
    
    # Metadata registration. `description` is not assigned anywhere in this
    # listing (presumably the scan engine sets it -- confirm). When it is true
    # the plugin only declares the attributes below and stops at exit(0), so
    # none of the host checks further down run in that pass.
    if (description)
    {
      script_id(133663);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/18");
    
      # The advisory behind this check addresses a single CVE.
      script_cve_id("CVE-2019-15916");
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2020-5532)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [2.6.39-400.319.1.el6uek]
    - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) 
    [Orabug: 30350265] {CVE-2019-15916}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-February/009632.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      # Base vectors (v2 and v3): network attack vector, low complexity, no
      # authentication/privileges, no user interaction (v3). Confidentiality and
      # integrity are rated "none"; only availability is affected (A:C / A:H).
      # Temporal vectors: exploit unproven (E:U), official fix available
      # (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin: the body below reads knowledge-base entries and calls
      # the rpm.inc helpers; no network probe appears in this listing.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Package (p-cpe) and OS (cpe:/o) tags. The same six kernel-uek package
      # names are the ones compared in the check body.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      # Timeline as recorded by the plugin: about five months separate the
      # vulnerability publication date from this vendor patch date.
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Plugins declared as prerequisites; presumably they populate the Host/*
      # KB entries used below -- confirm against those scripts.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      # KB entries declared as required. The check body also reads "Host/cpu",
      # "Host/uname/major_minor" and "Host/ksplice/kernel-cves", which are not
      # listed here; it handles a missing value for each of them itself.
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    # Host gating. Each failed gate calls audit() from audit.inc, which is
    # expected to end the plugin run with the given audit code -- confirm there.

    # Local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The host must be identified as Oracle Linux, both by the dedicated KB
    # flag and by the recorded release string.
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    # Pull the numeric release out of the string; capture group 1 holds
    # "<major>" or "<major>.<minor>". Only major release 6 is in scope.
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    }

    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: the recorded cpu string must contain "x86_64" or be
    # an i386..i686 value; anything else is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }
    
    # Ksplice path: taken only when the KB holds "Host/ksplice/kernel-cves".
    # If ksplice_cves_check() accepts the CVE list, the plugin audits out as
    # "patch installed" instead of going on to the rpm comparison; otherwise
    # the rpm report buffer is seeded with the Ksplice reporting text.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # Reason for dropping this entry is not visible here; presumably it keeps
      # an uptrack-reported kernel version out of the rpm checks -- confirm.
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2019-15916");
      if (!ksplice_cves_check(cve_list))
      {
        __rpm_report = ksplice_reporting_text();
      }
      else
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2020-5532");
      }
    }
    
    # Running-kernel gate: only the 2.6 series is in scope for this check.
    # A missing or empty KB value is an error exit (status 1); a different
    # series is audited out.
    expected_kernel_major_minor = "2.6";
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor))
    {
      exit(1, "Unable to determine kernel major-minor level.");
    }
    if (kernel_major_minor != expected_kernel_major_minor)
    {
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    }
    
    # Package comparison. For each kernel-uek package, rpm_check() is only
    # consulted when rpm_exists() finds a 2.6.39 build of it; every rpm_check()
    # that returns true bumps `flag`, which the reporting step treats as a
    # finding. All references point at build 2.6.39-400.319.1.el6uek.
    # NOTE(review): these calls compare installed package versions; apart from
    # the major.minor gate nothing in this listing inspects the running kernel
    # release, so how an updated-but-not-rebooted host is reported depends on
    # rpm.inc -- confirm.
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.319.1.el6uek")) flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.319.1.el6uek")) flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.319.1.el6uek")) flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.319.1.el6uek")) flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.319.1.el6uek")) flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39"))
    {
      if (rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.319.1.el6uek")) flag++;
    }
    
    
    # Reporting. A non-zero flag raises the finding on port 0 and ends the run;
    # the rpm report text is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }

    # Nothing flagged: audit out, naming the packages that were tested when
    # pkg_tests_get() returns any, otherwise stating that the affected kernel
    # is not installed.
    tested = pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20200407_KERNEL_ON_SL7_X.NASL
    description* kernel: out of bound read in DVB connexant driver. * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission * kernel: denial of service via ioctl call in network tun handling * kernel: usb: missing size check in the __usb_get_extra_descriptor() * kernel: perf_event_open() and execve() race in setuid programs allows a data leak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer dereference in hci_uart_set_flow_control * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service * kernel: use-after-free in arch/x86/lib/insn-eval.c * kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call * kernel: integer overflow and OOB read in drivers/block/floppy.c * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service * kernel: buffer-overflow hardening in WiFi beacon validation code. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to remote device tracking * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR * kernel: ASLR bypass for setuid binaries due to late install_exec_creds()
    last seen: 2020-04-30
    modified: 2020-04-21
    plugin id: 135813
    published: 2020-04-21
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135813
    title: Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Metadata registration. `description` is not assigned anywhere in this
    # listing (presumably the scan engine sets it -- confirm). When it is true
    # the plugin only declares the attributes below and stops at exit(0), so
    # none of the host checks further down run in that pass.
    if (description)
    {
      script_id(135813);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      # Bundle advisory: 19 CVEs are attached to this one plugin, with
      # CVE-2019-15916 among them. A hit therefore means "the kernel update is
      # missing", not that any single CVE was individually confirmed.
      script_cve_id("CVE-2015-9289", "CVE-2017-17807", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-7191", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11190", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-15916", "CVE-2019-16746", "CVE-2019-18660", "CVE-2019-3901", "CVE-2019-9503");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* kernel: out of bound read in DVB connexant driver. * kernel: Missing
    permissions check for request_key() destination allows local attackers
    to add keys to keyring without Write permission * kernel: denial of
    service via ioctl call in network tun handling * kernel: usb: missing
    size check in the __usb_get_extra_descriptor() * kernel:
    perf_event_open() and execve() race in setuid programs allows a data
    leak * kernel: brcmfmac frame validation bypass * kernel: NULL pointer
    dereference in hci_uart_set_flow_control * kernel: sensitive
    information disclosure from kernel stack memory via HIDPCONNADD
    command * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware
    leads to denial of service * kernel: use-after-free in
    arch/x86/lib/insn-eval.c * kernel: denial of service in
    arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c
    via sigreturn() system call * kernel: integer overflow and OOB read in
    drivers/block/floppy.c * kernel: memory leak in
    register_queue_kobjects() in net/core/net-sysfs.c leads to denial of
    service * kernel: buffer-overflow hardening in WiFi beacon validation
    code. * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to
    information exposure * kernel: oob memory read in hso_probe in
    drivers/net/usb/hso.c * Kernel: net: weak IP ID generation leads to
    remote device tracking * Kernel: net: using kernel space address bits
    to derive IP ID may potentially break KASLR * kernel: ASLR bypass for
    setuid binaries due to late install_exec_creds()"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=7067
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a4f1bf88"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # These vectors are attributed to CVE-2019-9503 by the cvss_score_source
      # attribute below (adjacent network, confidentiality/integrity/
      # availability all affected). They are the bundle's score, not the score
      # of CVE-2019-15916 itself, so do not read this plugin's severity as the
      # severity of the net-sysfs memory leak.
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9503");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin: the body below reads knowledge-base entries and calls
      # the rpm.inc helpers; no network probe appears in this listing.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Package (p-cpe) and OS (x-cpe) tags for the packages compared in the
      # check body.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Registered in the information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # Plugin declared as a prerequisite; presumably it populates the Host/*
      # KB entries required below -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      # KB entries declared as required; every one of them is read again by
      # the check body.
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating. Each failed gate calls audit() from audit.inc, which is
    # expected to end the plugin run with the given audit code -- confirm there.

    # Local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The recorded release string must name Scientific Linux.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release)
    {
      audit(AUDIT_HOST_NOT, "running Scientific Linux");
    }

    # Pull the numeric release out of the string; capture group 1 holds
    # "<major>" or "<major>.<minor>". Only major release 7 is in scope.
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    }

    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
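    # Architecture gate: continue only when the recorded cpu string contains
    # "x86_64" or is an i386..i686 value; otherwise audit out as not
    # implemented for this architecture.
    #
    # `a >!< b` is true when a is NOT a substring of b, so the literal has to
    # be the left operand. The previous form (`cpu >!< "x86_64"`) asked whether
    # the cpu string was contained in the literal: a fragment such as "x86"
    # passed the gate, while a cpu value carrying any text around "x86_64" was
    # audited out and the host silently dropped from coverage. The operand
    # order now matches the equivalent gate in the Oracle Linux plugin.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);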
    
    
    # Package comparison. Every reference is the same build, 3.10.0-1127.el7,
    # for release "SL7". Each rpm_check() that returns true bumps `flag`, which
    # the reporting step treats as a finding.
    # kernel-abi-whitelists and kernel-doc are each checked twice: once with no
    # cpu argument and once with cpu:"x86_64". All other packages are checked
    # for x86_64 only.
    # NOTE(review): these calls compare installed package versions; nothing in
    # this listing inspects the running kernel release, so how an
    # updated-but-not-rebooted host is reported depends on rpm.inc -- confirm.
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bpftool-debuginfo-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-1127.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-1127.el7")) flag++;
    
    
    # Reporting. A non-zero flag raises a SECURITY_HOLE finding on port 0 with
    # the rpm report text attached, then ends the run.
    if (flag)
    {
      security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
      exit(0);
    }

    # Nothing flagged: audit out, naming the packages that were tested when
    # pkg_tests_get() returns any, otherwise listing the package family as not
    # installed.
    tested = pkg_tests_get();
    if (tested)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3517.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: memory leak in register_queue_kobjects() in 
net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen: 2020-05-15
    modified: 2019-11-06
    plugin id: 130547
    published: 2019-11-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130547
    title: RHEL 8 : kernel (RHSA-2019:3517)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3517. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130547);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13");
    
      script_cve_id("CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-11669");
      script_xref(name:"RHSA", value:"2019:3517");
    
      script_name(english:"RHEL 8 : kernel (RHSA-2019:3517)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
    
    * Kernel: vhost_net: infinite loop while receiving packets leads to
    DoS (CVE-2019-3900)
    
    * Kernel: page cache side channel attacks (CVE-2019-5489)
    
    * hardware: bluetooth: BR/EDR encryption key negotiation attacks
    (KNOB) (CVE-2019-9506)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
    
    * kernel: Information Disclosure in crypto_report_one in
    crypto/crypto_user.c (CVE-2018-19854)
    
    * kernel: usb: missing size check in the __usb_get_extra_descriptor()
    leading to DoS (CVE-2018-20169)
    
    * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    (CVE-2019-3459)
    
    * kernel: Heap address information leak while using
    L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
    
    * kernel: SCTP socket buffer memory leak leading to denial of service
    (CVE-2019-3874)
    
    * kernel: denial of service vector through vfio DMA mappings
    (CVE-2019-3882)
    
    * kernel: NULL pointer dereference in hci_uart_set_flow_control
    (CVE-2019-10207)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm()
    and core dumping (CVE-2019-11599)
    
    * kernel: fs/ext4/extents.c leads to information disclosure
    (CVE-2019-11833)
    
    * kernel: sensitive information disclosure from kernel stack memory
    via HIDPCONNADD command (CVE-2019-11884)
    
    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
    
    * kernel: memory leak in register_queue_kobjects() in
    net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
    
    * kernel: Linux stack ASLR implementation Integer overflow
    (CVE-2015-1593)
    
    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    (CVE-2018-19985)
    
    * Kernel: KVM: leak of uninitialized stack contents to guest
    (CVE-2019-7222)
    
    * Kernel: net: weak IP ID generation leads to remote device tracking
    (CVE-2019-10638)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?774148ae"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-1593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-20169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-5489"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-7222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-12382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-13233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15916"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16994"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10126");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    # Precondition gates for the RHSA-2019:3517 check. Each audit() call is
    # expected to end the plugin run with the given reason (the code after a guard
    # relies on it, e.g. os_ver[1] is indexed right after the isnull() guard), so a
    # host stopped here has not been assessed; it has not been found clean.
    # These names are script-level variables; the included .inc files are not shown.

    # Credentialed/local checks must have been enabled by an earlier plugin.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" is NASL's "is not a substring of" operator.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture group 1 is the release number, major with an optional ".minor".
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only RHEL 8.x continues; "^8([^0-9]|$)" rejects 80, 81, ...
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);

    # The package comparison needs the RPM inventory gathered from the host.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Architecture gate: continue only if cpu contains "x86_64", matches
    # i386..i686, or contains "s390".
    # NOTE(review): the package list further down has cpu:"aarch64" entries, but
    # an aarch64 value of Host/cpu fails all three tests and is audited out here
    # as "local checks not implemented". Treat that audit result as a coverage
    # gap for the host; confirm how Host/cpu is populated.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Ksplice live-patch handling: runs only when the KB holds a
    # Host/ksplice/kernel-cves entry for this host.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # Drops the Host/uptrack-uname-r KB entry; the reason is not visible here
      # (see ksplice.inc).
      rm_kb_item(name:"Host/uptrack-uname-r");
      # CVE identifiers handed to ksplice_cves_check() for this advisory.
      cve_list = make_list("CVE-2015-1593", "CVE-2018-16884", "CVE-2018-19854", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-11599", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-13233", "CVE-2019-14821", "CVE-2019-15666", "CVE-2019-15916", "CVE-2019-15921", "CVE-2019-15924", "CVE-2019-16994", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3874", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-5489", "CVE-2019-7222", "CVE-2019-9506", "CVE-2020-11669");
      # A true result ends the check as "patch installed", so the RPM versions
      # below are never compared for this host.
      # NOTE(review): presumably true only when the live patch covers every CVE
      # in cve_list; confirm in ksplice.inc.
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2019:3517");
      }
      else
      {
        # __rpm_report is not declared in this script; presumably the report
        # buffer owned by rpm.inc that rpm_report_get() returns (TODO confirm).
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # Verdict for RHSA-2019:3517. Two mutually exclusive paths:
    #  - KB item Host/RedHat/yum-updateinfo is non-empty: the result comes only
    #    from redhat_generate_yum_updateinfo_report(); no package version below
    #    is compared.
    #  - otherwise: every listed package is compared through rpm_check().
    # NOTE(review): the yum-updateinfo data is presumably collected from the
    # target's own yum metadata, so a clean result on this path is only as
    # current as that metadata; confirm where the KB item is written.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3517";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # Non-empty report: raise the finding on port 0 with the yum text.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Empty report: recorded as an audit result (host not affected by the
        # advisory); no finding is raised.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # flag counts the rpm_check() calls that return true. Every call is made
      # unconditionally, so all packages are evaluated, not just the first hit.
      # rpm_check() is defined in rpm.inc (not shown); presumably it is true when
      # the installed package is older than the reference version.
      # Entries without a cpu argument (kernel-abi-whitelists, kernel-doc) are
      # not restricted to one architecture.
      # NOTE(review): the cpu:"aarch64" entries cover debuginfo packages only,
      # and the architecture gate earlier in this script does not admit aarch64.
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"bpftool-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"bpftool-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"bpftool-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"kernel-abi-whitelists-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-core-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-core-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-cross-headers-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-cross-headers-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-core-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-core-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-modules-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-modules-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debug-modules-extra-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debug-modules-extra-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-debuginfo-common-aarch64-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"kernel-doc-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-headers-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-headers-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-modules-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-modules-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-modules-extra-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-modules-extra-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-tools-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-libs-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"kernel-tools-libs-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"kernel-tools-libs-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-core-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-devel-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-modules-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"kernel-zfcpdump-modules-extra-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"perf-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"perf-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"perf-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"python3-perf-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"python3-perf-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"aarch64", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"python3-perf-debuginfo-4.18.0-147.el8")) flag++;
    
      if (flag)
      {
        # At least one package matched: report once on port 0 with the collected
        # package text plus the Red Hat package caveat (its content is not shown).
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No match: distinguish "listed packages were tested and are not
        # affected" from "none of the listed packages is installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc");
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-0740.NASL
    description: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: powerpc: local user can read vector registers of other users…
    last seen: 2020-03-18
    modified: 2020-03-10
    plugin id: 134361
    published: 2020-03-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134361
    title: RHEL 7 : kernel-alt (RHSA-2020:0740)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0740. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration for plugin 134361 (RHSA-2020:0740, kernel-alt on
    # RHEL 7). This block only declares attributes and then exits; the actual
    # check logic is the script body that follows the block.
    if (description)
    {
      script_id(134361);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # All CVEs addressed by the advisory; a finding from this plugin does not
      # say which of them applies to the host, only that the update is missing.
      script_cve_id("CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460");
      script_xref(name:"RHSA", value:"2020:0740");
    
      script_name(english:"RHEL 7 : kernel-alt (RHSA-2020:0740)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text copied from Red Hat (see the header comment of the script).
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-alt is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-alt packages provide the Linux kernel version 4.x.
    
    Security Fix(es) :
    
    * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c
    in the Linux kernel lacks a certain upper-bound check, leading to a
    buffer overflow (CVE-2019-17666)
    
    * kernel: nfs: NULL pointer dereference due to an anomalized NFS
    message sequence (CVE-2018-16871)
    
    * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    (CVE-2019-3459)
    
    * kernel: Heap address information leak while using
    L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
    
    * kernel: sensitive information disclosure from kernel stack memory
    via HIDPCONNADD command (CVE-2019-11884)
    
    * kernel: powerpc: local user can read vector registers of other
    users' processes via a Facility Unavailable exception (CVE-2019-15030)
    
    * kernel: memory leak in register_queue_kobjects() in
    net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
    
    * kernel: integer overflow in tcp_ack_update_rtt in
    net/ipv4/tcp_input.c (CVE-2019-18805)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot
    when connected to FC switch (BZ#1623205)
    
    * kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)
    
    * RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use
    d_find_any_alias() instead of d_find_alias() (BZ#1711934)
    
    * Backport 'fs/dcache.c: add cond_resched() in shrink_dentry_list()'
    (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)
    
    * [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed
    iova address (BZ#1780500)"
      );
      # Reference links: the advisory, then one Red Hat CVE page per CVE.
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16871"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15030"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15916"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-18805"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Severity is plugin-wide: the vectors below are attributed to
      # CVE-2019-17666 via cvss_score_source. They are not the rating of each
      # individual CVE in script_cve_id (CVE-2019-15916, for instance, is
      # described above as a memory leak leading to denial of service).
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local": the check works from data gathered on the host itself (see the
      # required KB keys at the end of this block).
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPE names of the packages and the OS release this plugin is tagged with.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Scheduling constraints: the two named plugins are declared as
      # dependencies, and the four KB keys must exist for the body to be useful.
      # A scan without working local (credentialed) data collection therefore
      # yields no result from this plugin, which is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    # Precondition gates for the RHSA-2020:0740 check. Each audit() call is
    # expected to end the plugin run with the given reason (the code after a guard
    # relies on it, e.g. os_ver[1] is indexed right after the isnull() guard), so a
    # host stopped here has not been assessed; it has not been found clean.
    # These names are script-level variables; the included .inc files are not shown.

    # Credentialed/local checks must have been enabled by an earlier plugin.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" is NASL's "is not a substring of" operator.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture group 1 is the release number, major with an optional ".minor".
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Only RHEL 7.x continues; "^7([^0-9]|$)" rejects 70, 71, ...
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

    # The package comparison needs the RPM inventory gathered from the host.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Architecture gate: continue only if cpu contains "x86_64", matches
    # i386..i686, or contains "s390".
    # NOTE(review): the advisory text in this plugin mentions arm64 and powerpc
    # fixes, which suggests kernel-alt is also built for architectures this gate
    # rejects. Such hosts end as "local checks not implemented"; treat that as a
    # coverage gap for the host and confirm against the advisory's package list.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Ksplice live-patch handling: runs only when the KB holds a
    # Host/ksplice/kernel-cves entry for this host.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # Drops the Host/uptrack-uname-r KB entry; the reason is not visible here
      # (see ksplice.inc).
      rm_kb_item(name:"Host/uptrack-uname-r");
      # Same CVE set as script_cve_id() in the description block.
      cve_list = make_list("CVE-2018-16871", "CVE-2019-11884", "CVE-2019-15030", "CVE-2019-15916", "CVE-2019-17666", "CVE-2019-18805", "CVE-2019-3459", "CVE-2019-3460");
      # A true result ends the check as "patch installed", so the RPM versions
      # below are never compared for this host.
      # NOTE(review): presumably true only when the live patch covers every CVE
      # in cve_list; confirm in ksplice.inc.
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0740");
      }
      else
      {
        # __rpm_report is not declared in this script; presumably the report
        # buffer owned by rpm.inc that rpm_report_get() returns (TODO confirm).
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # Verdict for RHSA-2020:0740. Two mutually exclusive paths:
    #  - KB item Host/RedHat/yum-updateinfo is non-empty: the result comes only
    #    from redhat_generate_yum_updateinfo_report(); no package version below
    #    is compared.
    #  - otherwise: every listed package is compared through rpm_check().
    # NOTE(review): the yum-updateinfo data is presumably collected from the
    # target's own yum metadata, so a clean result on this path is only as
    # current as that metadata; confirm where the KB item is written.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0740";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # Non-empty report: raise the finding on port 0 with the yum text.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Empty report: recorded as an audit result (host not affected by the
        # advisory); no finding is raised.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # flag counts the rpm_check() calls that return true. Every call is made
      # unconditionally, so all packages are evaluated, not just the first hit.
      # rpm_check() is defined in rpm.inc (not shown); presumably it is true when
      # the installed package is older than the reference version.
      # NOTE(review): every architecture-specific entry names cpu:"s390x"; only
      # kernel-abi-whitelists and kernel-doc carry no cpu argument. A host on
      # another architecture that passes the gate earlier in this script is
      # therefore compared against those two packages only.
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-4.14.0-115.18.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-4.14.0-115.18.1.el7a")) flag++;
    
      if (flag)
      {
        # At least one package matched: report once on port 0 with the collected
        # package text plus the Red Hat package caveat (its content is not shown).
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No match: distinguish "listed packages were tested and are not
        # affected" from "none of the listed packages is installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2675.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-15211: There was a use-after-free caused by a malicious USB device in drivers/media/v4l2-core/v4l2-dev.c (bnc#1146519). - CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). - CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bnc#1158427 1158445). - CVE-2019-19543: There is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). - CVE-2019-19525: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bnc#1158417). - CVE-2019-19530: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bnc#1158410). - CVE-2019-19536: There is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bnc#1158394). - CVE-2019-19524: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bnc#1158413). - CVE-2019-19528: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bnc#1158407). - CVE-2019-19534: There is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bnc#1158398). - CVE-2019-19529: There is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381). 
- CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). - CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). - CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). - CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid, which was exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). - CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258). 
- CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c was fixed (bnc#1157304). - CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032). - CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (bnc#1157333). - CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e (bnc#1157193). - CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932 (bnc#1157197). - CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6 (bnc#1157307). - CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298). - CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122 (bnc#1157678). 
- CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a (bnc#1157045). - CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a (bnc#1157044). - CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e (bnc#1157191). - CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14 (bnc#1157171). - CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486 (bnc#1157324). - CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c were fixed. (bnc#1157180). - CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178). - CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c was fixed. (bnc#1157173). - CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162). 
- CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5 (bnc#1157145). - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143). - CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10 (bnc#1157070). - CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc allowed attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1 (bnc#1157049). - CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc allowed attackers to cause a denial of service (memory consumption). 
This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad (bnc#1157046). - CVE-2019-15916: There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). The following non-security bugs were fixed : - ACPICA: Never run _REG on system_memory and system_IO (bsc#1051510). - ACPICA: Use %d for signed int print formatting instead of %u (bsc#1051510). - ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge (bsc#1111666). - ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask (bsc#1051510). - acpi/nfit, device-dax: Identify differentiated memory with a unique numa-node (bsc#1158071). - ACPI / SBS: Fix rare oops when removing modules (bsc#1051510). - ALSA: 6fire: Drop the dead code (git-fixes). - ALSA: cs4236: fix error return comparison of an unsigned integer (git-fixes). - ALSA: firewire-motu: Correct a typo in the clock proc string (git-fixes). - ALSA: hda: Add Cometlake-S PCI ID (git-fixes). - ALSA: hda - Add mute led support for HP ProBook 645 G4 (git-fixes). - ALSA: hda - Fix pending unsol events at shutdown (git-fixes). - ALSA: hda: Fix racy display power access (bsc#1156928). - ALSA: hda/hdmi - Clear codec->relaxed_resume flag at unbinding (git-fixes). - ALSA: hda: hdmi - fix port numbering for ICL and TGL platforms (git-fixes). - ALSA: hda: hdmi - remove redundant code comments (git-fixes). - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729). 
- ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132032
    published: 2019-12-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132032
    title: openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2675.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132032);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/24");
    
      script_cve_id("CVE-2019-14895", "CVE-2019-14901", "CVE-2019-15211", "CVE-2019-15213", "CVE-2019-15916", "CVE-2019-18660", "CVE-2019-18683", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19049", "CVE-2019-19052", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19060", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19068", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19075", "CVE-2019-19077", "CVE-2019-19078", "CVE-2019-19080", "CVE-2019-19081", "CVE-2019-19082", "CVE-2019-19083", "CVE-2019-19227", "CVE-2019-19524", "CVE-2019-19525", "CVE-2019-19528", "CVE-2019-19529", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19534", "CVE-2019-19536", "CVE-2019-19543");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)");
      script_summary(english:"Check for the openSUSE-2019-2675 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 15.1 kernel was updated to receive various security
    and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2019-15211: There was a use-after-free caused by a
        malicious USB device in
        drivers/media/v4l2-core/v4l2-dev.c (bnc#1146519).
    
      - CVE-2019-15213: There was a use-after-free caused by a
        malicious USB device in the
        drivers/media/usb/dvb-usb/dvb-usb-init.c driver
        (bnc#1146544).
    
      - CVE-2019-19531: There was a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca
        (bnc#1158427 1158445).
    
      - CVE-2019-19543: There is a use-after-free in
        serial_ir_init_module() in drivers/media/rc/serial_ir.c
        (bnc#1158427).
    
      - CVE-2019-19525: There is a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/net/ieee802154/atusb.c driver, aka
        CID-7fd25e6fc035 (bnc#1158417).
    
      - CVE-2019-19530: There is a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef
        (bnc#1158410).
    
      - CVE-2019-19536: There is an info-leak bug that can be
        caused by a malicious USB device in the
        drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka
        CID-ead16e53c2f0 (bnc#1158394).
    
      - CVE-2019-19524: There is a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9
        (bnc#1158413).
    
      - CVE-2019-19528: There is a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/usb/misc/iowarrior.c driver, aka
        CID-edc4746f253d (bnc#1158407).
    
      - CVE-2019-19534: There is an info-leak bug that can be
        caused by a malicious USB device in the
        drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka
        CID-f7a1337f0d29 (bnc#1158398).
    
      - CVE-2019-19529: There is a use-after-free bug that can
        be caused by a malicious USB device in the
        drivers/net/can/usb/mcba_usb.c driver, aka
        CID-4d6636498c41 (bnc#1158381).
    
      - CVE-2019-14901: A heap overflow flaw was found in the
        Marvell WiFi chip driver. The vulnerability allowed a
        remote attacker to cause a system crash, resulting in a
        denial of service, or execute arbitrary code. The
        highest threat with this vulnerability is with the
        availability of the system. If code execution occurs,
        the code will run with the permissions of root. This
        will affect both confidentiality and integrity of files
        on the system (bnc#1157042).
    
      - CVE-2019-14895: A heap-based buffer overflow was
        discovered in the Marvell WiFi chip driver. The flaw
        could occur when the station attempts a connection
        negotiation during the handling of the remote devices
        country settings. This could allowed the remote device
        to cause a denial of service (system crash) or possibly
        execute arbitrary code (bnc#1157158).
    
      - CVE-2019-18660: The Linux kernel on powerpc allowed
        Information Exposure because the Spectre-RSB mitigation
        is not in place for all applicable CPUs, aka
        CID-39e72bf96f58. This is related to
        arch/powerpc/kernel/entry_64.S and
        arch/powerpc/kernel/security.c (bnc#1157038).
    
      - CVE-2019-18683: An issue was discovered in
        drivers/media/platform/vivid, which was exploitable for
        privilege escalation on some Linux distributions where
        local users have /dev/video0 access, but only if the
        driver happens to be loaded. There are multiple race
        conditions during streaming stopping in this driver
        (part of the V4L2 subsystem). These issues are caused by
        wrong mutex locking in vivid_stop_generating_vid_cap(),
        vivid_stop_generating_vid_out(),
        sdr_cap_stop_streaming(), and the corresponding
        kthreads. At least one of these race conditions leads to
        a use-after-free (bnc#1155897).
    
      - CVE-2019-18809: A memory leak in the
        af9005_identify_state() function in
        drivers/media/usb/dvb-usb/af9005.c allowed attackers to
        cause a denial of service (memory consumption), aka
        CID-2289adbfa559 (bnc#1156258).
    
      - CVE-2019-19046: A memory leak in the
        __ipmi_bmc_register() function in
        drivers/char/ipmi/ipmi_msghandler.c was fixed
        (bnc#1157304).
    
      - CVE-2019-19078: A memory leak in the
        ath10k_usb_hif_tx_sg() function in
        drivers/net/wireless/ath/ath10k/usb.c allowed attackers
        to cause a denial of service (memory consumption) by
        triggering usb_submit_urb() failures, aka
        CID-b8d17e7d93d2 (bnc#1157032).
    
      - CVE-2019-19062: A memory leak in the crypto_report()
        function in crypto/crypto_user_base.c allowed attackers
        to cause a denial of service (memory consumption) by
        triggering crypto_report_alg() failures, aka
        CID-ffdde5932042 (bnc#1157333).
    
      - CVE-2019-19057: Two memory leaks in the
        mwifiex_pcie_init_evt_ring() function in
        drivers/net/wireless/marvell/mwifiex/pcie.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering mwifiex_map_pci_memory()
        failures, aka CID-d10dcb615c8e (bnc#1157193).
    
      - CVE-2019-19056: A memory leak in the
        mwifiex_pcie_alloc_cmdrsp_buf() function in
        drivers/net/wireless/marvell/mwifiex/pcie.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering mwifiex_map_pci_memory()
        failures, aka CID-db8fd2cde932 (bnc#1157197).
    
      - CVE-2019-19068: A memory leak in the
        rtl8xxxu_submit_int_urb() function in
        drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
        allowed attackers to cause a denial of service (memory
        consumption) by triggering usb_submit_urb() failures,
        aka CID-a2cdd07488e6 (bnc#1157307).
    
      - CVE-2019-19063: Two memory leaks in the rtl_usb_probe()
        function in drivers/net/wireless/realtek/rtlwifi/usb.c
        allowed attackers to cause a denial of service (memory
        consumption), aka CID-3f9361695113 (bnc#1157298).
    
      - CVE-2019-19227: In the AppleTalk subsystem there was a
        potential NULL pointer dereference because
        register_snap_client may return NULL. This will lead to
        denial of service in net/appletalk/aarp.c and
        net/appletalk/ddp.c, as demonstrated by
        unregister_snap_client, aka CID-9804501fa122
        (bnc#1157678).
    
      - CVE-2019-19081: A memory leak in the
        nfp_flower_spawn_vnic_reprs() function in
        drivers/net/ethernet/netronome/nfp/flower/main.c allowed
        attackers to cause a denial of service (memory
        consumption), aka CID-8ce39eb5a67a (bnc#1157045).
    
      - CVE-2019-19080: Four memory leaks in the
        nfp_flower_spawn_phy_reprs() function in
        drivers/net/ethernet/netronome/nfp/flower/main.c allowed
        attackers to cause a denial of service (memory
        consumption), aka CID-8572cea1461a (bnc#1157044).
    
      - CVE-2019-19065: A memory leak in the sdma_init()
        function in drivers/infiniband/hw/hfi1/sdma.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering rhashtable_init() failures,
        aka CID-34b3be18a04e (bnc#1157191).
    
      - CVE-2019-19077: A memory leak in the
        bnxt_re_create_srq() function in
        drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering copy to udata failures, aka
        CID-4a9d46a9fe14 (bnc#1157171).
    
      - CVE-2019-19052: A memory leak in the gs_can_open()
        function in drivers/net/can/usb/gs_usb.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering usb_submit_urb() failures,
        aka CID-fb5be6a7b486 (bnc#1157324).
    
      - CVE-2019-19067: Four memory leaks in the acp_hw_init()
        function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c were
        fixed. (bnc#1157180).
    
      - CVE-2019-19060: A memory leak in the
        adis_update_scan_mode() function in
        drivers/iio/imu/adis_buffer.c allowed attackers to cause
        a denial of service (memory consumption), aka
        CID-ab612b1daf41 (bnc#1157178).
    
      - CVE-2019-19049: A memory leak in the unittest_data_add()
        function in drivers/of/unittest.c was fixed.
        (bnc#1157173).
    
      - CVE-2019-19075: A memory leak in the ca8210_probe()
        function in drivers/net/ieee802154/ca8210.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering ca8210_get_platform_data()
        failures, aka CID-6402939ec86e (bnc#1157162).
    
      - CVE-2019-19058: A memory leak in the alloc_sgtable()
        function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c
        allowed attackers to cause a denial of service (memory
        consumption) by triggering alloc_page() failures, aka
        CID-b4b814fec1a5 (bnc#1157145).
    
      - CVE-2019-19074: A memory leak in the ath9k_wmi_cmd()
        function in drivers/net/wireless/ath/ath9k/wmi.c allowed
        attackers to cause a denial of service (memory
        consumption), aka CID-728c1e2a05e4 (bnc#1157143).
    
      - CVE-2019-19073: Memory leaks in
        drivers/net/wireless/ath/ath9k/htc_hst.c allowed
        attackers to cause a denial of service (memory
        consumption) by triggering wait_for_completion_timeout()
        failures. This affects the htc_config_pipe_credits()
        function, the htc_setup_complete() function, and the
        htc_connect_service() function, aka CID-853acf7caf10
        (bnc#1157070).
    
      - CVE-2019-19083: Memory leaks in *clock_source_create()
        functions under drivers/gpu/drm/amd/display/dc allowed
        attackers to cause a denial of service (memory
        consumption). This affects the
        dce112_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c,
        the dce100_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c,
        the dcn10_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,
        the dcn20_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,
        the dce120_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c,
        the dce110_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c,
        and the dce80_clock_source_create() function in
        drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,
        aka CID-055e547478a1 (bnc#1157049).
    
      - CVE-2019-19082: Memory leaks in *create_resource_pool()
        functions under drivers/gpu/drm/amd/display/dc allowed
        attackers to cause a denial of service (memory
        consumption). This affects the
        dce120_create_resource_pool() function in
        drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c,
        the dce110_create_resource_pool() function in
        drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c,
        the dce100_create_resource_pool() function in
        drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c,
        the dcn10_create_resource_pool() function in
        drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,
        and the dce112_create_resource_pool() function in
        drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c,
        aka CID-104c307147ad (bnc#1157046).
    
      - CVE-2019-15916: There was a memory leak in
        register_queue_kobjects() in net/core/net-sysfs.c, which
        will cause denial of service (bnc#1149448).
    
    The following non-security bugs were fixed :
    
      - ACPICA: Never run _REG on system_memory and system_IO
        (bsc#1051510).
    
      - ACPICA: Use %d for signed int print formatting instead
        of %u (bsc#1051510).
    
      - ACPI / hotplug / PCI: Allocate resources directly under
        the non-hotplug bridge (bsc#1111666).
    
      - ACPI / LPSS: Exclude I2C busses shared with PUNIT from
        pmc_atom_d3_mask (bsc#1051510).
    
      - acpi/nfit, device-dax: Identify differentiated memory
        with a unique numa-node (bsc#1158071).
    
      - ACPI / SBS: Fix rare oops when removing modules
        (bsc#1051510).
    
      - ALSA: 6fire: Drop the dead code (git-fixes).
    
      - ALSA: cs4236: fix error return comparison of an unsigned
        integer (git-fixes).
    
      - ALSA: firewire-motu: Correct a typo in the clock proc
        string (git-fixes).
    
      - ALSA: hda: Add Cometlake-S PCI ID (git-fixes).
    
      - ALSA: hda - Add mute led support for HP ProBook 645 G4
        (git-fixes).
    
      - ALSA: hda - Fix pending unsol events at shutdown
        (git-fixes).
    
      - ALSA: hda: Fix racy display power access (bsc#1156928).
    
      - ALSA: hda/hdmi - Clear codec->relaxed_resume flag at
        unbinding (git-fixes).
    
      - ALSA: hda: hdmi - fix port numbering for ICL and TGL
        platforms (git-fixes).
    
      - ALSA: hda: hdmi - remove redundant code comments
        (git-fixes).
    
      - ALSA: hda/intel: add CometLake PCI IDs (bsc#1156729).
    
      - ALSA: hda/realtek - Enable internal speaker of ASUS
        UX431FLC (git-fixes).
    
      - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's
        laptop (git-fixes).
    
      - ALSA: hda/realtek - Move some alc236 pintbls to fallback
        table (git-fixes).
    
      - ALSA: hda/realtek - Move some alc256 pintbls to fallback
        table (git-fixes).
    
      - ALSA: i2c/cs8427: Fix int to char conversion
        (bsc#1051510).
    
      - ALSA: intel8x0m: Register irq handler after register
        initializations (bsc#1051510).
    
      - ALSA: pcm: Fix stream lock usage in
        snd_pcm_period_elapsed() (git-fixes).
    
      - ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
        (bsc#1051510).
    
      - ALSA: pcm: Yet another missing check of non-cached
        buffer type (bsc#1111666).
    
      - ALSA: seq: Do error checks at creating system ports
        (bsc#1051510).
    
      - ALSA: usb-audio: Add skip_validation option (git-fixes).
    
      - ALSA: usb-audio: Fix Focusrite Scarlett 6i6 gen1 - input
        handling (git-fixes).
    
      - ALSA: usb-audio: Fix incorrect NULL check in
        create_yamaha_midi_quirk() (git-fixes).
    
      - ALSA: usb-audio: Fix incorrect size check for
        processing/extension units (git-fixes).
    
      - ALSA: usb-audio: Fix missing error check at mixer
        resolution test (git-fixes).
    
      - ALSA: usb-audio: Fix NULL dereference at parsing BADD
        (git-fixes).
    
      - ALSA: usb-audio: not submit urb for stopped endpoint
        (git-fixes).
    
      - ALSA: usb-audio: sound: usb: usb true/false for bool
        return type (git-fixes).
    
      - appledisplay: fix error handling in the scheduled work
        (git-fixes).
    
      - arm64: Update config files. (bsc#1156466) Enable
        HW_RANDOM_OMAP driver and mark driver omap-rng as
        supported.
    
      - ASoC: davinci: Kill BUG_ON() usage (stable 4.14.y).
    
      - ASoC: davinci-mcasp: Handle return value of
        devm_kasprintf (stable 4.14.y).
    
      - ASoC: dpcm: Properly initialise hw->rate_max
        (bsc#1051510).
    
      - ASoC: Intel: hdac_hdmi: Limit sampling rates at dai
        creation (bsc#1051510).
    
      - ASoC: kirkwood: fix external clock probe defer
        (git-fixes).
    
      - ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
        (git-fixes).
    
      - ASoC: sgtl5000: avoid division by zero if lo_vag is zero
        (bsc#1051510).
    
      - ASoC: tegra_sgtl5000: fix device_node refcounting
        (bsc#1051510).
    
      - ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP
        modes (stable 4.14.y).
    
      - ASoC: tlv320dac31xx: mark expected switch fall-through
        (stable 4.14.y).
    
      - ata: ep93xx: Use proper enums for directions
        (bsc#1051510).
    
      - ath10k: allocate small size dma memory in
        ath10k_pci_diag_write_mem (bsc#1111666).
    
      - ath10k: avoid possible memory access violation
        (bsc#1111666).
    
      - ath10k: Correct error handling of dma_map_single()
        (bsc#1111666).
    
      - ath10k: fix kernel panic by moving pci flush after
        napi_disable (bsc#1051510).
    
      - ath10k: fix vdev-start timeout on error (bsc#1051510).
    
      - ath10k: limit available channels via DT
        ieee80211-freq-limit (bsc#1051510).
    
      - ath10k: skip resetting rx filter for WCN3990
        (bsc#1111666).
    
      - ath10k: wmi: disable softirq's while calling
        ieee80211_rx (bsc#1051510).
    
      - ath9k: add back support for using active monitor
        interfaces for tx99 (bsc#1051510).
    
      - ath9k: Fix a locking bug in ath9k_add_interface()
        (bsc#1051510).
    
      - ath9k: fix reporting calculated new FFT upper max
        (bsc#1051510).
    
      - ath9k: fix tx99 with monitor mode interface
        (bsc#1051510).
    
      - ath9k_hw: fix uninitialized variable data (bsc#1051510).
    
      - ax88172a: fix information leak on short answers
        (bsc#1051510).
    
      - backlight: lm3639: Unconditionally call
        led_classdev_unregister (bsc#1051510).
    
      - Bluetooth: btusb: fix PM leak in error case of setup
        (bsc#1051510).
    
      - Bluetooth: delete a stray unlock (bsc#1051510).
    
      - Bluetooth: Fix invalid-free in bcsp_close() (git-fixes).
    
      - Bluetooth: Fix memory leak in hci_connect_le_scan
        (bsc#1051510).
    
      - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
        (bsc#1051510).
    
      - Bluetooth: L2CAP: Detect if remote is not able to use
        the whole MPS (bsc#1051510).
    
      - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX
        commands (bsc#1104745).
    
      - bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX
        commands (bsc#1104745 FATE#325918).
    
      - bnxt_en: Update firmware interface spec. to 1.10.0.47
        (bsc#1157115)
    
      - bnxt_en: Update firmware interface spec. to 1.10.0.89
        (bsc#1157115)
    
      - bnxt_en: Update firmware interface to 1.10.0.69
        (bsc#1157115)
    
      - bpf: fix BTF limits (bsc#1109837).
    
      - bpf: fix BTF verification of enums (bsc#1109837).
    
      - bpf: Fix use after free in subprog's jited symbol
        removal (bsc#1109837).
    
      - brcmfmac: fix full timeout waiting for action frame
        on-channel tx (bsc#1051510).
    
      - brcmfmac: fix wrong strnchr usage (bsc#1111666).
    
      - brcmfmac: increase buffer for obtaining firmware
        capabilities (bsc#1111666).
    
      - brcmfmac: reduce timeout for action frame scan
        (bsc#1051510).
    
      - brcmsmac: AP mode: update beacon when TIM changes
        (bsc#1051510).
    
      - brcmsmac: never log 'tid x is not agg'able' by default
        (bsc#1051510).
    
      - brcmsmac: Use kvmalloc() for ucode allocations
        (bsc#1111666).
    
      - btrfs: fix log context list corruption after rename
        exchange operation (bsc#1156494).
    
      - can: c_can: c_can_poll(): only read status register
        after status IRQ (git-fixes).
    
      - can: mcba_usb: fix use-after-free on disconnect
        (git-fixes).
    
      - can: peak_usb: fix a potential out-of-sync while
        decoding packets (git-fixes).
    
      - can: peak_usb: fix slab info leak (git-fixes).
    
      - can: rx-offload: can_rx_offload_offload_one(): do not
        increase the skb_queue beyond skb_queue_len_max
        (git-fixes).
    
      - can: rx-offload: can_rx_offload_queue_sorted(): fix
        error handling, avoid skb mem leak (git-fixes).
    
      - can: rx-offload: can_rx_offload_queue_tail(): fix error
        handling, avoid skb mem leak (git-fixes).
    
      - can: usb_8dev: fix use-after-free on disconnect
        (git-fixes).
    
      - ceph: add missing check in d_revalidate snapdir handling
        (bsc#1157183).
    
      - ceph: do not try to handle hashed dentries in
        non-O_CREAT atomic_open (bsc#1157184).
    
      - ceph: fix use-after-free in __ceph_remove_cap()
        (bsc#1154058).
    
      - ceph: just skip unrecognized info in
        ceph_reply_info_extra (bsc#1157182).
    
      - cfg80211: Avoid regulatory restore when
        COUNTRY_IE_IGNORE is set (bsc#1051510).
    
      - cfg80211: call disconnect_wk when AP stops
        (bsc#1051510).
    
      - cfg80211: Prevent regulatory restore during STA
        disconnect in concurrent interfaces (bsc#1051510).
    
      - cfg80211: validate wmm rule when setting (bsc#1111666).
    
      - cgroup,writeback: do not switch wbs immediately on dead
        wbs if the memcg is dead (bsc#1158645).
    
      - cifs: add a helper to find an existing readable handle
        to a file (bsc#1144333, bsc#1154355).
    
      - cifs: avoid using MID 0xFFFF (bsc#1144333, bsc#1154355).
    
      - cifs: create a helper to find a writeable handle by path
        name (bsc#1144333, bsc#1154355).
    
      - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect
        occurs (bsc#1144333, bsc#1154355).
    
      - cifs: fix max ea value size (bsc#1144333, bsc#1154355).
    
      - cifs: Fix missed free operations (bsc#1144333,
        bsc#1154355).
    
      - cifs: Fix oplock handling for SMB 2.1+ protocols
        (bsc#1144333, bsc#1154355).
    
      - cifs: Fix retry mid list corruption on reconnects
        (bsc#1144333, bsc#1154355).
    
      - cifs: Fix SMB2 oplock break processing (bsc#1144333,
        bsc#1154355).
    
      - cifs: Fix use after free of file info structures
        (bsc#1144333, bsc#1154355).
    
      - cifs: Force reval dentry if LOOKUP_REVAL flag is set
        (bsc#1144333, bsc#1154355).
    
      - cifs: Force revalidate inode when dentry is stale
        (bsc#1144333, bsc#1154355).
    
      - cifs: Gracefully handle QueryInfo errors during open
        (bsc#1144333, bsc#1154355).
    
      - cifs: move cifsFileInfo_put logic into a work-queue
        (bsc#1144333, bsc#1154355).
    
      - cifs: prepare SMB2_Flush to be usable in compounds
        (bsc#1144333, bsc#1154355).
    
      - cifs: set domainName when a domain-key is used in
        multiuser (bsc#1144333, bsc#1154355).
    
      - cifs: use cifsInodeInfo->open_file_lock while iterating
        to avoid a panic (bsc#1144333, bsc#1154355).
    
      - cifs: use existing handle for compound_op(OP_SET_INFO)
        when possible (bsc#1144333, bsc#1154355).
    
      - cifs: Use kzfree() to zero out the password
        (bsc#1144333, bsc#1154355).
    
      - clk: at91: avoid sleeping early (git-fixes).
    
      - clk: pxa: fix one of the pxa RTC clocks (bsc#1051510).
    
      - clk: samsung: exynos5420: Preserve CPU clocks
        configuration during suspend/resume (bsc#1051510).
    
      - clk: samsung: exynos5420: Preserve PLL configuration
        during suspend/resume (git-fixes).
    
      - clk: samsung: Use clk_hw API for calling clk framework
        from clk notifiers (bsc#1051510).
    
      - clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
        (git-fixes).
    
      - clocksource/drivers/sh_cmt: Fix clocksource width for
        32-bit machines (bsc#1051510).
    
      - clocksource/drivers/sh_cmt: Fixup for 64-bit machines
        (bsc#1051510).
    
      - compat_ioctl: handle SIOCOUTQNSD (bsc#1051510).
    
      - component: fix loop condition to call unbind() if bind()
        fails (bsc#1051510).
    
      - cpufreq: intel_pstate: Register when ACPI PCCH is
        present (bsc#1051510).
    
      - cpufreq/pasemi: fix use-after-free in
        pas_cpufreq_cpu_init() (bsc#1051510).
    
      - cpufreq: powernv: fix stack bloat and hard limit on
        number of CPUs (bsc#1051510).
    
      - cpufreq: Skip cpufreq resume if it's not suspended
        (bsc#1051510).
    
      - cpufreq: ti-cpufreq: add missing of_node_put()
        (bsc#1051510).
    
      - cpupower: Fix coredump on VMware (bsc#1051510).
    
      - cpupower : Fix cpupower working when cpu0 is offline
        (bsc#1051510).
    
      - cpupower : frequency-set -r option misses the last cpu
        in related cpu list (bsc#1051510).
    
      - crypto: af_alg - cast ki_complete ternary op to int
        (bsc#1051510).
    
      - crypto: crypto4xx - fix double-free in
        crypto4xx_destroy_sdr (bsc#1051510).
    
      - crypto: ecdh - fix big endian bug in ECC library
        (bsc#1051510).
    
      - crypto: fix a memory leak in rsa-kcs1pad's encryption
        mode (bsc#1051510).
    
      - crypto: geode-aes - switch to skcipher for cbc(aes)
        fallback (bsc#1051510).
    
      - crypto: mxs-dcp - Fix AES issues (bsc#1051510).
    
      - crypto: mxs-dcp - Fix SHA null hashes and output length
        (bsc#1051510).
    
      - crypto: mxs-dcp - make symbols 'sha1_null_hash' and
        'sha256_null_hash' static (bsc#1051510).
    
      - crypto: s5p-sss: Fix Fix argument list alignment
        (bsc#1051510).
    
      - crypto: tgr192 - remove unneeded semicolon
        (bsc#1051510).
    
      - cw1200: Fix a signedness bug in cw1200_load_firmware()
        (bsc#1051510).
    
      - cxgb4: fix panic when attaching to ULD fail
        (networking-stable-19_11_05).
    
      - cxgb4: request the TX CIDX updates to status page
        (bsc#1127354 bsc#1127371).
    
      - dccp: do not leak jiffies on the wire
        (networking-stable-19_11_05).
    
      - dlm: do not leak kernel pointer to userspace
        (bsc#1051510).
    
      - dlm: fix invalid free (bsc#1051510).
    
      - dmaengine: dma-jz4780: Do not depend on MACH_JZ4780
        (bsc#1051510).
    
      - dmaengine: dma-jz4780: Further residue status fix
        (bsc#1051510).
    
      - dmaengine: ep93xx: Return proper enum in
        ep93xx_dma_chan_direction (bsc#1051510).
    
      - dmaengine: imx-sdma: fix use-after-free on probe error
        path (bsc#1051510).
    
      - dmaengine: rcar-dmac: set scatter/gather max segment
        size (bsc#1051510).
    
      - dmaengine: timb_dma: Use proper enum in td_prep_slave_sg
        (bsc#1051510).
    
      - docs: move protection-keys.rst to the core-api book
        (bsc#1078248).
    
      - docs: move protection-keys.rst to the core-api book
        (FATE#322447, bsc#1078248).
    
      - Documentation: debugfs: Document debugfs helper for
        unsigned long values (git-fixes).
    
      - Documentation: x86: convert protection-keys.txt to reST
        (bsc#1078248).
    
      - Documentation: x86: convert protection-keys.txt to reST
        (FATE#322447, bsc#1078248).
    
      - drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2
        (bsc#1111666).
    
      - drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on
        unsupported (bsc#1113956)
    
      - drm/etnaviv: fix dumping of iommuv2 (bsc#1113722)
    
      - drm: fix module name in edid_firmware log message
        (bsc#1113956)
    
      - drm/i915: Do not dereference request if it may have been
        retired when (bsc#1142635)
    
      - drm/i915: Fix and improve MCR selection logic
        (bsc#1112178)
    
      - drm/i915/gvt: fix dropping obj reference twice
        (bsc#1111666).
    
      - drm/i915: Lock the engine while dumping the active
        request (bsc#1142635)
    
      - drm/i915/pmu: 'Frequency' is reported as accumulated
        cycles (bsc#1112178)
    
      - drm/i915: Reacquire priolist cache after dropping the
        engine lock (bsc#1129770)
    
      - drm/i915: Skip modeset for cdclk changes if possible
        (bsc#1156928).
    
      - drm/msm: fix memleak on release (bsc#1111666).
    
      - drm/omap: fix max fclk divider for omap36xx
        (bsc#1113722)
    
      - drm/radeon: fix bad DMA from INTERRUPT_CNTL2
        (git-fixes).
    
      - drm/radeon: fix si_enable_smc_cac() failed issue
        (bsc#1113722)
    
      - Drop
        scsi-qla2xxx-Fix-memory-leak-when-sending-I-O-fails.patc
        h This patch has introduces an double free. Upstream has
        dropped it from the scsi-queue before it hit mainline.
        So let's drop it as well.
    
      - e1000e: Drop unnecessary __E1000_DOWN bit twiddling
        (bsc#1158049).
    
      - e1000e: Use dev_get_drvdata where possible
        (bsc#1158049).
    
      - e1000e: Use rtnl_lock to prevent race conditions between
        net and pci/pm (bsc#1158049).
    
      - ecryptfs_lookup_interpose(): lower_dentry->d_inode is
        not stable (bsc#1158646).
    
      - ecryptfs_lookup_interpose(): lower_dentry->d_parent is
        not stable either (bsc#1158647).
    
      - EDAC/ghes: Fix locking and memory barrier issues
        (bsc#1114279). EDAC/ghes: Do not warn when incrementing
        refcount on 0 (bsc#1114279).
    
      - EDAC/ghes: Fix Use after free in ghes_edac remove path
        (bsc#1114279).
    
      - ext4: fix punch hole for inline_data file systems
        (bsc#1158640).
    
      - ext4: update direct I/O read lock pattern for
        IOCB_NOWAIT (bsc#1158639).
    
      - extcon: cht-wc: Return from default case to avoid
        warnings (bsc#1051510).
    
      - fbdev: sbuslib: integer overflow in
        sbusfb_ioctl_helper() (bsc#1051510).
    
      - fbdev: sbuslib: use checked version of put_user()
        (bsc#1051510).
    
      - ftrace: Introduce PERMANENT ftrace_ops flag
        (bsc#1120853).
    
      - gpiolib: acpi: Add Terra Pad 1061 to the
        run_edge_events_on_boot_blacklist (bsc#1051510).
    
      - gpio: mpc8xxx: Do not overwrite default irq_set_type
        callback (bsc#1051510).
    
      - gpio: syscon: Fix possible NULL ptr usage (bsc#1051510).
    
      - gsmi: Fix bug in append_to_eventlog sysfs handler
        (bsc#1051510).
    
      - HID: Add ASUS T100CHI keyboard dock battery quirks
        (bsc#1051510).
    
      - HID: Add quirk for Microsoft PIXART OEM mouse
        (bsc#1051510).
    
      - HID: asus: Add T100CHI bluetooth keyboard dock special
        keys mapping (bsc#1051510).
    
      - HID: Fix assumption that devices have inputs
        (git-fixes).
    
      - HID: wacom: generic: Treat serial number and related
        fields as unsigned (git-fixes).
    
      - hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros
        (bsc#1051510).
    
      - hwmon: (pwm-fan) Silence error on probe deferral
        (bsc#1051510).
    
      - hwrng: omap3-rom - Call clk_disable_unprepare() on exit
        only if not idled (bsc#1051510).
    
      - hwrng: omap - Fix RNG wait loop timeout (bsc#1051510).
    
      - hypfs: Fix error number left in struct pointer member
        (bsc#1051510).
    
      - i2c: of: Try to find an I2C adapter matching the parent
        (bsc#1129770)
    
      - i40e: enable X710 support (bsc#1151067).
    
      - IB/mlx5: Free mpi in mp_slave mode (bsc#1103991).
    
      - IB/mlx5: Free mpi in mp_slave mode (bsc#1103991
        FATE#326007).
    
      - IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general
        command (bsc#1103991).
    
      - IB/mlx5: Support MLX5_CMD_OP_QUERY_LAG as a DEVX general
        command (bsc#1103991 FATE#326007).
    
      - ibmvnic: Bound waits for device queries (bsc#1155689
        ltc#182047).
    
      - ibmvnic: Fix completion structure initialization
        (bsc#1155689 ltc#182047).
    
      - ibmvnic: Serialize device queries (bsc#1155689
        ltc#182047).
    
      - ibmvnic: Terminate waiting device threads after loss of
        service (bsc#1155689 ltc#182047).
    
      - ice: fix potential infinite loop because loop counter
        being too small (bsc#1118661).
    
      - ice: fix potential infinite loop because loop counter
        being too small (bsc#1118661 FATE#325277).
    
      - iio: adc: max9611: explicitly cast gain_selectors
        (bsc#1051510).
    
      - iio: adc: stm32-adc: fix stopping dma (git-fixes).
    
      - iio: dac: mcp4922: fix error handling in
        mcp4922_write_raw (bsc#1051510).
    
      - iio: imu: adis16480: assign bias value only if operation
        succeeded (git-fixes).
    
      - iio: imu: adis16480: make sure provided frequency is
        positive (git-fixes).
    
      - iio: imu: adis: assign read val in debugfs hook only if
        op successful (git-fixes).
    
      - iio: imu: adis: assign value only if return code zero in
        read funcs (git-fixes).
    
      - include/linux/bitrev.h: fix constant bitrev
        (bsc#1114279).
    
      - inet: stop leaking jiffies on the wire
        (networking-stable-19_11_05).
    
      - Input: ff-memless - kill timer in destroy()
        (bsc#1051510).
    
      - Input: silead - try firmware reload after unsuccessful
        resume (bsc#1051510).
    
      - Input: st1232 - set INPUT_PROP_DIRECT property
        (bsc#1051510).
    
      - Input: synaptics-rmi4 - clear IRQ enables for F54
        (bsc#1051510).
    
      - Input: synaptics-rmi4 - destroy F54 poller workqueue
        when removing (bsc#1051510).
    
      - Input: synaptics-rmi4 - disable the relative position
        IRQ in the F12 driver (bsc#1051510).
    
      - Input: synaptics-rmi4 - do not consume more data than we
        have (F11, F12) (bsc#1051510).
    
      - Input: synaptics-rmi4 - fix video buffer size
        (git-fixes).
    
      - intel_th: Fix a double put_device() in error path
        (git-fixes).
    
      - iomap: Fix pipe page leakage during splicing
        (bsc#1158651).
    
      - iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and
        QI_DEV_EIOTLB_PFSID macros (bsc#1158063).
    
      - ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base
        address (bsc#1051510).
    
      - ipv4: Return -ENETUNREACH if we can't create route but
        saddr is valid (networking-stable-19_10_24).
    
      - irqdomain: Add the missing assignment of domain->fwnode
        for named fwnode (bsc#1111666).
    
      - iwlwifi: api: annotate compressed BA notif array sizes
        (bsc#1051510).
    
      - iwlwifi: check kasprintf() return value (bsc#1051510).
    
      - iwlwifi: drop packets with bad status in CD
        (bsc#1111666).
    
      - iwlwifi: mvm: avoid sending too many BARs (bsc#1051510).
    
      - iwlwifi: mvm: do not send keys when entering D3
        (bsc#1051510).
    
      - iwlwifi: mvm: use correct FIFO length (bsc#1111666).
    
      - iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN
        (bsc#1111666).
    
      - iwlwifi: pcie: read correct prph address for newer
        devices (bsc#1111666).
    
      - ixgbe: fix double clean of Tx descriptors with xdp
        (bsc#1113994 ).
    
      - ixgbe: fix double clean of Tx descriptors with xdp
        (bsc#1113994 FATE#326315 FATE#326317).
    
      - ixgbevf: Fix secpath usage for IPsec Tx offload
        (bsc#1113994 ).
    
      - ixgbevf: Fix secpath usage for IPsec Tx offload
        (bsc#1113994 FATE#326315 FATE#326317).
    
      - kABI: Fix for 'KVM: x86: Introduce
        vcpu->arch.xsaves_enabled' (bsc#1158066).
    
      - kABI fixup alloc_dax_region (bsc#1158071).
    
      - kabi: s390: struct subchannel (git-fixes).
    
      - kABI workaround for ath10k hw_filter_reset_required
        field (bsc#1111666).
    
      - kABI workaround for ath10k last_wmi_vdev_start_status
        field (bsc#1051510).
    
      - kABI workaround for iwlwifi iwl_rx_cmd_buffer change
        (bsc#1111666).
    
      - kABI workaround for struct mwifiex_power_cfg change
        (bsc#1051510).
    
      - KVM: s390: fix __insn32_query() inline assembly
        (git-fixes).
    
      - KVM: s390: vsie: Do not shadow CRYCB when no AP and no
        keys (git-fixes).
    
      - KVM: s390: vsie: Return correct values for Invalid CRYCB
        format (git-fixes).
    
      - KVM: SVM: Guard against DEACTIVATE when performing
        WBINVD/DF_FLUSH (bsc#1114279).
    
      - KVM: SVM: Serialize access to the SEV ASID bitmap
        (bsc#1114279).
    
      - KVM: VMX: Consider PID.PIR to determine if vCPU has
        pending interrupts (bsc#1158064).
    
      - KVM: VMX: Fix conditions for guest IA32_XSS support
        (bsc#1158065).
    
      - KVM: x86: Introduce vcpu->arch.xsaves_enabled
        (bsc#1158066).
    
      - KVM: x86/mmu: Take slots_lock when using
        kvm_mmu_zap_all_fast() (bsc#1158067).
    
      - libnvdimm: Export the target_node attribute for regions
        and namespaces (bsc#1158071).
    
      - lib/scatterlist: Fix chaining support in
        sgl_alloc_order() (git-fixes).
    
      - lib/scatterlist: Introduce sgl_alloc() and sgl_free()
        (git-fixes).
    
      - liquidio: fix race condition in instruction completion
        processing (bsc#1051510).
    
      - livepatch: Allow to distinguish different version of
        system state changes (bsc#1071995).
    
      - livepatch: Allow to distinguish different version of
        system state changes (bsc#1071995 fate#323487).
    
      - livepatch: Basic API to track system state changes
        (bsc#1071995 ).
    
      - livepatch: Basic API to track system state changes
        (bsc#1071995 fate#323487).
    
      - livepatch: Keep replaced patches until post_patch
        callback is called (bsc#1071995).
    
      - livepatch: Keep replaced patches until post_patch
        callback is called (bsc#1071995 fate#323487).
    
      - livepatch: Selftests of the API for tracking system
        state changes (bsc#1071995).
    
      - livepatch: Selftests of the API for tracking system
        state changes (bsc#1071995 fate#323487).
    
      - loop: add ioctl for changing logical block size
        (bsc#1108043).
    
      - loop: fix no-unmap write-zeroes request behavior
        (bsc#1158637).
    
      - lpfc: size cpu map by last cpu id set (bsc#1157160).
    
      - mac80211: consider QoS Null frames for
        STA_NULLFUNC_ACKED (bsc#1051510).
    
      - mac80211: minstrel: fix CCK rate group streams value
        (bsc#1051510).
    
      - mac80211: minstrel: fix sampling/reporting of CCK rates
        in HT mode (bsc#1051510).
    
      - macvlan: schedule bc_work even if error (bsc#1051510).
    
      - mailbox: reset txdone_method TXDONE_BY_POLL if client
        knows_txdone (git-fixes).
    
      - media: au0828: Fix incorrect error messages
        (bsc#1051510).
    
      - media: bdisp: fix memleak on release (git-fixes).
    
      - media: cxusb: detect cxusb_ctrl_msg error in query
        (bsc#1051510).
    
      - media: davinci: Fix implicit enum conversion warning
        (bsc#1051510).
    
      - media: exynos4-is: Fix recursive locking in
        isp_video_release() (git-fixes).
    
      - media: fix: media: pci: meye: validate offset to avoid
        arbitrary access (bsc#1051510).
    
      - media: flexcop-usb: ensure -EIO is returned on error
        condition (git-fixes).
    
      - media: imon: invalid dereference in imon_touch_event
        (bsc#1051510).
    
      - media: isif: fix a NULL pointer dereference bug
        (bsc#1051510).
    
      - media: pci: ivtv: Fix a sleep-in-atomic-context bug in
        ivtv_yuv_init() (bsc#1051510).
    
      - media: pxa_camera: Fix check for pdev->dev.of_node
        (bsc#1051510).
    
      - media: radio: wl1273: fix interrupt masking on release
        (git-fixes).
    
      - media: ti-vpe: vpe: Fix Motion Vector vpdma stride
        (git-fixes).
    
      - media: usbvision: Fix races among open, close, and
        disconnect (bsc#1051510).
    
      - media: vim2m: Fix abort issue (git-fixes).
    
      - media: vivid: Set vid_cap_streaming and
        vid_out_streaming to true (bsc#1051510).
    
      - mei: fix modalias documentation (git-fixes).
    
      - mei: samples: fix a signedness bug in amt_host_if_call()
        (bsc#1051510).
    
      - mfd: intel-lpss: Add default I2C device properties for
        Gemini Lake (bsc#1051510).
    
      - mfd: max8997: Enale irq-wakeup unconditionally
        (bsc#1051510).
    
      - mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC
        values (bsc#1051510).
    
      - mfd: palmas: Assign the right powerhold mask for
        tps65917 (git-fixes).
    
      - mfd: ti_am335x_tscadc: Keep ADC interface on if child is
        wakeup capable (bsc#1051510).
    
      - mISDN: Fix type of switch control variable in
        ctrl_teimanager (bsc#1051510).
    
      - mlx5: add parameter to disable enhanced IPoIB
        (bsc#1142095)
    
      - mlx5: add parameter to disable enhanced IPoIB
        (bsc#1142095) Fix badly backported patch
    
      - mlxsw: spectrum_flower: Fail in case user specifies
        multiple mirror actions (bsc#1112374).
    
      - mmc: core: fix wl1251 sdio quirks (git-fixes).
    
      - mmc: host: omap_hsmmc: add code for special init of
        wl1251 to get rid of pandora_wl1251_init_card
        (git-fixes).
    
      - mmc: mediatek: fix cannot receive new request when
        msdc_cmd_is_ready fail (bsc#1051510).
    
      - mm/compaction.c: clear total_(migrate,free)_scanned
        before scanning a new zone (git fixes (mm/compaction)).
    
      - mmc: sdhci-esdhc-imx: correct the fix of ERR004536
        (git-fixes).
    
      - mmc: sdhci-of-at91: fix quirk2 overwrite (git-fixes).
    
      - mmc: sdio: fix wl1251 vendor id (git-fixes).
    
      - mm/debug.c: PageAnon() is true for PageKsm() pages (git
        fixes (mm/debug)).
    
      - mm, thp: Do not make page table dirty unconditionally in
        touch_p[mu]d() (git fixes (mm/gup)).
    
      - mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
        (bsc#1051510).
    
      - mt76x0: init hw capabilities.
    
      - mtd: nand: mtk: fix incorrect register setting order
        about ecc irq.
    
      - mtd: spear_smi: Fix Write Burst mode (bsc#1051510).
    
      - mtd: spi-nor: fix silent truncation in spi_nor_read()
        (bsc#1051510).
    
      - mwifex: free rx_cmd skb in suspended state
        (bsc#1111666).
    
      - mwifiex: do no submit URB in suspended state
        (bsc#1111666).
    
      - mwifiex: Fix NL80211_TX_POWER_LIMITED (bsc#1051510).
    
      - nbd: prevent memory leak (bsc#1158638).
    
      - net: add READ_ONCE() annotation in
        __skb_wait_for_more_packets()
        (networking-stable-19_11_05).
    
      - net: add skb_queue_empty_lockless()
        (networking-stable-19_11_05).
    
      - net: annotate accesses to sk->sk_incoming_cpu
        (networking-stable-19_11_05).
    
      - net: annotate lockless accesses to sk->sk_napi_id
        (networking-stable-19_11_05).
    
      - net: avoid potential infinite loop in tc_ctl_action()
        (networking-stable-19_10_24).
    
      - net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
        (networking-stable-19_10_24).
    
      - net: bcmgenet: reset 40nm EPHY on energy detect
        (networking-stable-19_11_05).
    
      - net: bcmgenet: Set phydev->dev_flags only for internal
        PHYs (networking-stable-19_10_24).
    
      - net: dsa: b53: Do not clear existing mirrored port mask
        (networking-stable-19_11_05).
    
      - net: dsa: bcm_sf2: Fix IMP setup for port different than
        8 (networking-stable-19_11_05).
    
      - net: dsa: fix switch tree list
        (networking-stable-19_11_05).
    
      - net: ethernet: ftgmac100: Fix DMA coherency issue with
        SW checksum (networking-stable-19_11_05).
    
      - net: fix sk_page_frag() recursion from memory reclaim
        (networking-stable-19_11_05).
    
      - net: hisilicon: Fix ping latency when deal with high
        throughput (networking-stable-19_11_05).
    
      - net: hns3: change GFP flag during lock period
        (bsc#1104353 ).
    
      - net: hns3: change GFP flag during lock period
        (bsc#1104353 FATE#326415).
    
      - net: hns3: do not query unsupported commands in debugfs
        (bsc#1104353).
    
      - net: hns3: do not query unsupported commands in debugfs
        (bsc#1104353 FATE#326415).
    
      - net: hns3: fix GFP flag error in
        hclge_mac_update_stats() (bsc#1126390).
    
      - net: hns3: fix some reset handshake issue (bsc#1104353
        ).
    
      - net: hns3: fix some reset handshake issue (bsc#1104353
        FATE#326415).
    
      - net: hns3: prevent unnecessary MAC TNL interrupt
        (bsc#1104353 bsc#1134983).
    
      - net: hns3: prevent unnecessary MAC TNL interrupt
        (bsc#1104353 FATE#326415 bsc#1134983).
    
      - net: hns: Fix the stray netpoll locks causing deadlock
        in NAPI path (bsc#1104353).
    
      - net: hns: Fix the stray netpoll locks causing deadlock
        in NAPI path (bsc#1104353 FATE#326415).
    
      - net/ibmvnic: Ignore H_FUNCTION return from H_EOI to
        tolerate XIVE mode (bsc#1089644, ltc#166495, ltc#165544,
        git-fixes).
    
      - net/mlx4_core: Dynamically set guaranteed amount of
        counters per VF (networking-stable-19_11_05).
    
      - net/mlx5e: Fix eswitch debug print of max fdb flow
        (bsc#1103990 ).
    
      - net/mlx5e: Fix eswitch debug print of max fdb flow
        (bsc#1103990 FATE#326006).
    
      - net/mlx5e: Fix ethtool self test: link speed
        (bsc#1103990 ).
    
      - net/mlx5e: Fix ethtool self test: link speed
        (bsc#1103990 FATE#326006).
    
      - net/mlx5e: Fix handling of compressed CQEs in case of
        low NAPI budget (networking-stable-19_11_05).
    
      - net/mlx5e: Print a warning when LRO feature is dropped
        or not allowed (bsc#1103990).
    
      - net/mlx5e: Print a warning when LRO feature is dropped
        or not allowed (bsc#1103990 FATE#326006).
    
      - net/mlx5: FWTrace, Reduce stack usage (bsc#1103990).
    
      - net/mlx5: FWTrace, Reduce stack usage (bsc#1103990
        FATE#326006).
    
      - netns: fix GFP flags in rtnl_net_notifyid()
        (networking-stable-19_11_05).
    
      - net: phy: bcm7xxx: define soft_reset for 40nm EPHY
        (bsc#1119113 ).
    
      - net: phy: bcm7xxx: define soft_reset for 40nm EPHY
        (bsc#1119113 FATE#326472).
    
      - net: phylink: Fix flow control resolution (bsc#1119113
        ).
    
      - net: phylink: Fix flow control resolution (bsc#1119113
        FATE#326472).
    
      - net: sched: cbs: Avoid division by zero when calculating
        the port rate (bsc#1109837).
    
      - net/sched: cbs: Fix not adding cbs instance to list
        (bsc#1109837).
    
      - net/sched: cbs: Set default link speed to 10 Mbps in
        cbs_set_port_rate (bsc#1109837).
    
      - net: sched: fix possible crash in tcf_action_destroy()
        (bsc#1109837).
    
      - net: sched: fix reordering issues (bsc#1109837).
    
      - net/smc: avoid fallback in case of non-blocking connect
        (git-fixes).
    
      - net/smc: do not schedule tx_work in SMC_CLOSED state
        (git-fixes).
    
      - net/smc: fix closing of fallback SMC sockets
        (git-fixes).
    
      - net/smc: Fix error path in smc_init (git-fixes).
    
      - net/smc: fix ethernet interface refcounting (git-fixes).
    
      - net/smc: fix fastopen for non-blocking connect()
        (git-fixes).
    
      - net/smc: fix refcounting for non-blocking connect()
        (git-fixes).
    
      - net/smc: fix refcount non-blocking connect() -part 2
        (git-fixes).
    
      - net/smc: fix SMCD link group creation with VLAN id
        (git-fixes).
    
      - net/smc: keep vlan_id for SMC-R in smc_listen_work()
        (git-fixes).
    
      - net/smc: original socket family in inet_sock_diag
        (git-fixes).
    
      - net: sock_map, fix missing ulp check in sock hash case
        (bsc#1109837).
    
      - net: stmmac: disable/enable ptp_ref_clk in
        suspend/resume flow (networking-stable-19_10_24).
    
      - net: use skb_queue_empty_lockless() in busy poll
        contexts (networking-stable-19_11_05).
    
      - net: use skb_queue_empty_lockless() in poll() handlers
        (networking-stable-19_11_05).
    
      - net: wireless: ti: remove local VENDOR_ID and DEVICE_ID
        definitions (git-fixes).
    
      - net: wireless: ti: wl1251 use new
        SDIO_VENDOR_ID_TI_WL1251 definition (git-fixes).
    
      - net: Zeroing the structure ethtool_wolinfo in
        ethtool_get_wol() (networking-stable-19_11_05).
    
      - nfc: netlink: fix double device reference drop
        (git-fixes).
    
      - NFC: nxp-nci: Fix NULL pointer dereference after I2C
        communication error (git-fixes).
    
      - nfc: port100: handle command failure cleanly
        (git-fixes).
    
      - nfp: flower: fix memory leak in
        nfp_flower_spawn_vnic_reprs (bsc#1109837).
    
      - nfp: flower: prevent memory leak in
        nfp_flower_spawn_phy_reprs (bsc#1109837).
    
      - nl80211: Fix a GET_KEY reply attribute (bsc#1051510).
    
      - nvme-tcp: support C2HData with SUCCESS flag
        (bsc#1157386).
    
      - ocfs2: fix panic due to ocfs2_wq is null (bsc#1158644).
    
      - ocfs2: fix passing zero to 'PTR_ERR' warning
        (bsc#1158649).
    
      - openvswitch: fix flow command message size (git-fixes).
    
      - padata: use smp_mb in padata_reorder to avoid orphaned
        padata jobs (git-fixes).
    
      - PCI/ACPI: Correct error message for ASPM disabling
        (bsc#1051510).
    
      - PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3
        (bsc#1051510).
    
      - PCI: dwc: Fix find_next_bit() usage (bsc#1051510).
    
      - PCI: Fix Intel ACS quirk UPDCR register address
        (bsc#1051510).
    
      - PCI/MSI: Fix incorrect MSI-X masking on resume
        (bsc#1051510).
    
      - PCI: pciehp: Do not disable interrupt twice on suspend
        (bsc#1111666).
    
      - PCI/PM: Clear PCIe PME Status even for legacy power
        management (bsc#1111666).
    
      - PCI/PME: Fix possible use-after-free on remove
        (git-fixes).
    
      - PCI/PTM: Remove spurious 'd' from granularity message
        (bsc#1051510).
    
      - PCI: rcar: Fix missing MACCTLR register setting in
        initialization sequence (bsc#1051510).
    
      - PCI: sysfs: Ignore lockdep for remove attribute
        (git-fixes).
    
      - PCI: tegra: Enable Relaxed Ordering only for Tegra20 &
        Tegra30 (git-fixes).
    
      - perf/x86/amd: Change/fix NMI latency mitigation to use a
        timestamp (bsc#1142924).
    
      - phy: phy-twl4030-usb: fix denied runtime access
        (git-fixes).
    
      - pinctl: ti: iodelay: fix error checking on
        pinctrl_count_index_with_args call (git-fixes).
    
      - pinctrl: at91: do not use the same irqchip with multiple
        gpiochips (git-fixes).
    
      - pinctrl: cherryview: Allocate IRQ chip dynamic
        (git-fixes).
    
      - pinctrl: lewisburg: Update pin list according to v1.1v6
        (bsc#1051510).
    
      - pinctrl: lpc18xx: Use define directive for
        PIN_CONFIG_GPIO_PIN_INT (bsc#1051510).
    
      - pinctrl: qcom: spmi-gpio: fix gpio-hog related boot
        issues (bsc#1051510).
    
      - pinctrl: samsung: Fix device node refcount leaks in init
        code (bsc#1051510).
    
      - pinctrl: samsung: Fix device node refcount leaks in
        S3C24xx wakeup controller init (bsc#1051510).
    
      - pinctrl: samsung: Fix device node refcount leaks in
        S3C64xx wakeup controller init (bsc#1051510).
    
      - pinctrl: sunxi: Fix a memory leak in
        'sunxi_pinctrl_build_state()' (bsc#1051510).
    
      - pinctrl: zynq: Use define directive for
        PIN_CONFIG_IO_STANDARD (bsc#1051510).
    
      - PM / devfreq: Check NULL governor in
        available_governors_show (git-fixes).
    
      - PM / devfreq: exynos-bus: Correct clock enable sequence
        (bsc#1051510).
    
      - PM / devfreq: Lock devfreq in trans_stat_show
        (git-fixes).
    
      - PM / devfreq: passive: fix compiler warning
        (bsc#1051510).
    
      - PM / devfreq: passive: Use non-devm notifiers
        (bsc#1051510).
    
      - PM / hibernate: Check the success of generating md5
        digest before hibernation (bsc#1051510).
    
      - powerpc/64: Make meltdown reporting Book3S 64 specific
        (bsc#1091041).
    
      - powerpc/book3s64/hash: Use secondary hash for bolted
        mapping if the primary is full (bsc#1157778 ltc#182520).
    
      - powerpc/bpf: Fix tail call implementation (bsc#1157698).
    
      - powerpc/pseries: address checkpatch warnings in
        dlpar_offline_cpu (bsc#1156700 ltc#182459).
    
      - powerpc/pseries: Do not fail hash page table insert for
        bolted mapping (bsc#1157778 ltc#182520).
    
      - powerpc/pseries: Do not opencode HPTE_V_BOLTED
        (bsc#1157778 ltc#182520).
    
      - powerpc/pseries: safely roll back failed DLPAR cpu add
        (bsc#1156700 ltc#182459).
    
      - powerpc/security/book3s64: Report L1TF status in sysfs
        (bsc#1091041).
    
      - powerpc/security: Fix wrong message when RFI Flush is
        disable (bsc#1131107).
    
      - powerpc/xive: Prevent page fault issues in the machine
        crash handler (bsc#1156882 ltc#182435).
    
      - power: reset: at91-poweroff: do not procede if
        at91_shdwc is allocated (bsc#1051510).
    
      - power: supply: ab8500_fg: silence uninitialized variable
        warnings (bsc#1051510).
    
      - power: supply: twl4030_charger: disable eoc interrupt on
        linear charge (bsc#1051510).
    
      - power: supply: twl4030_charger: fix charging current
        out-of-bounds (bsc#1051510).
    
      - ppdev: fix PPGETTIME/PPSETTIME ioctls (bsc#1051510).
    
      - printk: Export console_printk (bsc#1071995).
    
      - printk: Export console_printk (bsc#1071995 fate#323487).
    
      - pwm: bcm-iproc: Prevent unloading the driver module
        while in use (git-fixes).
    
      - pwm: lpss: Only set update bit if we are actually
        changing the settings (bsc#1051510).
    
      - qxl: fix NULL pointer crash during suspend
        (bsc#1111666).
    
      - r8152: add device id for Lenovo ThinkPad USB-C Dock Gen
        2 (networking-stable-19_11_05).
    
      - RDMA/bnxt_re: Fix stat push into dma buffer on gen p5
        devices (bsc#1157115)
    
      - RDMA/efa: Clear the admin command buffer prior to its
        submission (git-fixes) Patch was already picked through
        Amazon driver repo but was not marked with a Git-commit
        tag
    
      - RDMA/hns: Fix comparison of unsigned long variable 'end'
        with less than zero (bsc#1104427 bsc#1137236).
    
      - RDMA/hns: Fix comparison of unsigned long variable 'end'
        with less than zero (bsc#1104427 FATE#326416
        bsc#1137236).
    
      - RDMA/hns: Fix wrong assignment of qp_access_flags
        (bsc#1104427 ).
    
      - RDMA/hns: Fix wrong assignment of qp_access_flags
        (bsc#1104427 FATE#326416).
    
      - regulator: ab8500: Remove AB8505 USB regulator
        (bsc#1051510).
    
      - regulator: ab8500: Remove SYSCLKREQ from enum
        ab8505_regulator_id (bsc#1051510).
    
      - remoteproc: Check for NULL firmwares in sysfs interface
        (git-fixes).
    
      - Remove patches that reportedly cause regression
        (bsc#1155689 ltc#182047).
    
      - reset: fix of_reset_simple_xlate kerneldoc comment
        (bsc#1051510).
    
      - reset: Fix potential use-after-free in
        __of_reset_control_get() (bsc#1051510).
    
      - reset: fix reset_control_get_exclusive kerneldoc comment
        (bsc#1051510).
    
      - Revert 'drm/etnaviv: fix dumping of iommuv2
        (bsc#1113722)' This reverts commit
        71e3a1b8d8cf73f711f3e4100aa51f68e631f94f. ATM the
        backported patch does not build on x86.
    
      - rpm/kernel-binary.spec.in: add COMPRESS_VMLINUX
        (bnc#1155921) Let COMPRESS_VMLINUX determine the
        compression used for vmlinux. By default (historically),
        it is gz.
    
      - rpm/kernel-source.spec.in: Fix dependency of
        kernel-devel (bsc#1154043)
    
      - rt2800: remove errornous duplicate condition
        (git-fixes).
    
      - rtl8187: Fix warning generated when strncpy()
        destination length matches the sixe argument
        (bsc#1051510).
    
      - rtlwifi: btcoex: Use proper enumerated types for Wi-Fi
        only interface (bsc#1111666).
    
      - rtlwifi: Remove unnecessary NULL check in rtl_regd_init
        (bsc#1051510).
    
      - rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL
        information (bsc#1051510).
    
      - rtlwifi: rtl8192de: Fix missing code to retrieve RX
        buffer address (bsc#1051510).
    
      - rtlwifi: rtl8192de: Fix missing enable interrupt flag
        (bsc#1051510).
    
      - s390/bpf: fix lcgr instruction encoding (bsc#1051510).
    
      - s390/bpf: use 32-bit index for tail calls (bsc#1051510).
    
      - s390/cio: avoid calling strlen on NULL pointer
        (bsc#1051510).
    
      - s390/cio: exclude subchannels with no parent from pseudo
        check (bsc#1051510).
    
      - s390/cio: fix virtio-ccw DMA without PV (git-fixes).
    
      - s390/cmm: fix information leak in cmm_timeout_handler()
        (bsc#1051510).
    
      - s390: fix stfle zero padding (bsc#1051510).
    
      - s390/idle: fix cpu idle time calculation (bsc#1051510).
    
      - s390/mm: properly clear _PAGE_NOEXEC bit when it is not
        supported (bsc#1051510).
    
      - s390/process: avoid potential reading of freed stack
        (bsc#1051510).
    
      - s390/qdio: do not touch the dsci in
        tiqdio_add_input_queues() (bsc#1051510).
    
      - s390/qdio: (re-)initialize tiqdio list entries
        (bsc#1051510).
    
      - s390/qeth: return proper errno on IO error
        (bsc#1051510).
    
      - s390/setup: fix boot crash for machine without EDAT-1
        (bsc#1051510 bsc#1140948).
    
      - s390/setup: fix early warning messages (bsc#1051510
        bsc#1140948).
    
      - s390/topology: avoid firing events before kobjs are
        created (bsc#1051510).
    
      - s390: vsie: Use effective CRYCBD.31 to check CRYCBD
        validity (git-fixes).
    
      - s390/zcrypt: fix memleak at release (git-fixes).
    
      - scsi: lpfc: Add enablement of multiple adapter dumps
        (bsc#1154601).
    
      - scsi: lpfc: Add registration for CPU Offline/Online
        events (bsc#1154601).
    
      - scsi: lpfc: Change default IRQ model on AMD
        architectures (bsc#1154601).
    
      - scsi: lpfc: Clarify FAWNN error message (bsc#1154601).
    
      - scsi: lpfc: Fix a kernel warning triggered by
        lpfc_get_sgl_per_hdwq() (bsc#1154601).
    
      - scsi: lpfc: Fix a kernel warning triggered by
        lpfc_sli4_enable_intr() (bsc#1154601).
    
      - scsi: lpfc: fix build error of lpfc_debugfs.c for
        vfree/vmalloc (bsc#1154601).
    
      - scsi: lpfc: Fix configuration of BB credit recovery in
        service parameters (bsc#1154601).
    
      - scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): NULL
        pointer dereferences (bsc#1154601).
    
      - scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): NULL
        pointer dereferences (bsc#1154601).
    
      - scsi: lpfc: Fix duplicate unreg_rpi error in port
        offline flow (bsc#1154601).
    
      - scsi: lpfc: Fix dynamic fw log enablement check
        (bsc#1154601).
    
      - scsi: lpfc: fix inlining of
        lpfc_sli4_cleanup_poll_list() (bsc#1154601).
    
      - scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show
        during remote port bounce (bsc#1154601).
    
      - scsi: lpfc: Fix lpfc_cpumask_of_node_init()
        (bsc#1154601).
    
      - scsi: lpfc: Fix NULL check before mempool_destroy is not
        needed (bsc#1154601).
    
      - scsi: lpfc: Fix Oops in nvme_register with target
        logout/login (bsc#1151900).
    
      - scsi: lpfc: fix spelling error in MAGIC_NUMER_xxx
        (bsc#1154601).
    
      - scsi: lpfc: Fix unexpected error messages during RSCN
        handling (bsc#1154601).
    
      - scsi: lpfc: Honor module parameter lpfc_use_adisc
        (bsc#1153628).
    
      - scsi: lpfc: Honor module parameter lpfc_use_adisc
        (bsc#1154601).
    
      - scsi: lpfc: Initialize cpu_map for not present cpus
        (bsc#1154601).
    
      - scsi: lpfc: lpfc_attr: Fix Use plain integer as NULL
        pointer (bsc#1154601).
    
      - scsi: lpfc: lpfc_nvmet: Fix Use plain integer as NULL
        pointer (bsc#1154601).
    
      - scsi: lpfc: Make lpfc_debugfs_ras_log_data static
        (bsc#1154601).
    
      - scsi: lpfc: Mitigate high memory pre-allocation by
        SCSI-MQ (bsc#1154601).
    
      - scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold
        variable (bsc#1154601).
    
      - scsi: lpfc: revise nvme max queues to be hdwq count
        (bsc#1154601).
    
      - scsi: lpfc: Sync with FC-NVMe-2 SLER change to require
        Conf with SLER (bsc#1154601).
    
      - scsi: lpfc: Update lpfc version to 12.6.0.1
        (bsc#1154601).
    
      - scsi: lpfc: Update lpfc version to 12.6.0.2
        (bsc#1154601).
    
      - scsi: lpfc: use hdwq assigned cpu for allocation
        (bsc#1157160).
    
      - scsi: qla2xxx: Add debug dump of LOGO payload and ELS
        IOCB (bsc#1157424, bsc#1157908. bsc#1117169,
        bsc#1151548).
    
      - scsi: qla2xxx: Allow PLOGI in target mode (bsc#1157424,
        bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Change discovery state before PLOGI
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Configure local loop for N2N target
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Do not call qlt_async_event twice
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Do not defer relogin unconditonally
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump
        length (bsc#1157424, bsc#1157908. bsc#1117169,
        bsc#1151548).
    
      - scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: fix rports not being mark as lost in sync
        fabric scan (bsc#1138039).
    
      - scsi: qla2xxx: Ignore NULL pointer in
        tcm_qla2xxx_free_mcmd (bsc#1157424, bsc#1157908.
        bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Initialize free_work before flushing it
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: Send Notify ACK after N2N PLOGI
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: qla2xxx: unregister ports after GPN_FT failure
        (bsc#1138039).
    
      - scsi: qla2xxx: Use correct number of vectors for online
        CPUs (bsc#1137223).
    
      - scsi: qla2xxx: Use explicit LOGO in target mode
        (bsc#1157424, bsc#1157908. bsc#1117169, bsc#1151548).
    
      - scsi: zfcp: fix request object use-after-free in send
        path causing wrong traces (bsc#1051510).
    
      - sctp: change sctp_prot .no_autobind with true
        (networking-stable-19_10_24).
    
      - sctp: fix SCTP regression (bsc#1158082)
        (networking-stable-19_10_24 bsc#1158082).
    
      - selftests: net: reuseport_dualstack: fix uninitalized
        parameter (networking-stable-19_11_05).
    
      - serial: mxs-auart: Fix potential infinite loop
        (bsc#1051510).
    
      - serial: samsung: Enable baud clock for UART reset
        procedure in resume (bsc#1051510).
    
      - serial: uartps: Fix suspend functionality (bsc#1051510).
    
      - signal: Properly set TRACE_SIGNAL_LOSE_INFO in
        __send_signal (bsc#1157463).
    
      - slcan: Fix memory leak in error path (bsc#1051510).
    
      - slip: Fix memory leak in slip_open error path
        (bsc#1051510).
    
      - slip: Fix use-after-free Read in slip_open
        (bsc#1051510).
    
      - smb3: fix leak in 'open on server' perf counter
        (bsc#1144333, bsc#1154355).
    
      - smb3: fix signing verification of large reads
        (bsc#1144333, bsc#1154355).
    
      - smb3: fix unmount hang in open_shroot (bsc#1144333,
        bsc#1154355).
    
      - smb3: improve handling of share deleted (and share
        recreated) (bsc#1144333, bsc#1154355).
    
      - smb3: Incorrect size for netname negotiate context
        (bsc#1144333, bsc#1154355).
    
      - soc: imx: gpc: fix PDN delay (bsc#1051510).
    
      - soc: qcom: wcnss_ctrl: Avoid string overflow
        (bsc#1051510).
    
      - Sort series.conf.
    
      - spi: atmel: Fix CS high support (bsc#1051510).
    
      - spi: atmel: fix handling of cs_change set on non-last
        xfer (bsc#1051510).
    
      - spi: fsl-lpspi: Prevent FIFO under/overrun by default
        (bsc#1051510).
    
      - spi: mediatek: Do not modify spi_transfer when transfer
        (bsc#1051510).
    
      - spi: mediatek: use correct mata->xfer_len when in fifo
        transfer (bsc#1051510).
    
      - spi: pic32: Use proper enum in dmaengine_prep_slave_rg
        (bsc#1051510).
    
      - spi: rockchip: initialize dma_slave_config properly
        (bsc#1051510).
    
      - spi: spidev: Fix OF tree warning logic (bsc#1051510).
    
      - supported.conf :
    
      - synclink_gt(): fix compat_ioctl() (bsc#1051510).
    
      - tcp_nv: fix potential integer overflow in tcpnv_acked
        (bsc#1051510).
    
      - thunderbolt: Fix lockdep circular locking depedency
        warning (git-fixes).
    
      - tipc: Avoid copying bytes beyond the supplied data
        (bsc#1051510).
    
      - tipc: check bearer name with right length in
        tipc_nl_compat_bearer_enable (bsc#1051510).
    
      - tipc: check link name with right length in
        tipc_nl_compat_link_set (bsc#1051510).
    
      - tipc: check msg->req data len in
        tipc_nl_compat_bearer_disable (bsc#1051510).
    
      - tipc: compat: allow tipc commands without arguments
        (bsc#1051510).
    
      - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer()
        error path (bsc#1051510).
    
      - tipc: fix wrong timeout input for tipc_wait_for_cond()
        (bsc#1051510).
    
      - tipc: handle the err returned from cmd header function
        (bsc#1051510).
    
      - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
        (bsc#1051510).
    
      - tipc: tipc clang warning (bsc#1051510).
    
      - tools: bpftool: fix arguments for p_err() in
        do_event_pipe() (bsc#1109837).
    
      - tools/power/x86/intel-speed-select: Fix a read overflow
        in isst_set_tdp_level_msr() (bsc#1111666).
    
      - tpm: add check after commands attribs tab allocation
        (bsc#1051510).
    
      - tty: serial: fsl_lpuart: use the sg count from
        dma_map_sg (bsc#1051510).
    
      - tty: serial: imx: use the sg count from dma_map_sg
        (bsc#1051510).
    
      - tty: serial: msm_serial: Fix flow control (bsc#1051510).
    
      - tty: serial: pch_uart: correct usage of dma_unmap_sg
        (bsc#1051510).
    
      - tun: fix data-race in gro_normal_list() (bsc#1111666).
    
      - UAS: Revert commit 3ae62a42090f ('UAS: fix alignment of
        scatter/gather segments').
    
      - ubifs: Correctly initialize c->min_log_bytes
        (bsc#1158641).
    
      - ubifs: Limit the number of pages in shrink_liability
        (bsc#1158643).
    
      - udp: use skb_queue_empty_lockless()
        (networking-stable-19_11_05).
    
      - Update
        patches.suse/ipv6-defrag-drop-non-last-frags-smaller-tha
        n-min-mtu.patch (add bsc#1141054).
    
      - Update
        patches.suse/RDMA-Fix-goto-target-to-release-the-allocat
        ed-memory.patch (bsc#1050244 FATE#322915 bsc#1157171
        CVE-2019-19077).
    
      - USB: chaoskey: fix error case of a timeout (git-fixes).
    
      - usb: chipidea: Fix otg event handler (bsc#1051510).
    
      - usb: chipidea: imx: enable OTG overcurrent in case USB
        subsystem is already started (bsc#1051510).
    
      - usb: dwc3: gadget: Check ENBLSLPM before sending ep
        command (bsc#1051510).
    
      - usb: gadget: udc: fotg210-udc: Fix a
        sleep-in-atomic-context bug in fotg210_get_status()
        (bsc#1051510).
    
      - usb: gadget: uvc: configfs: Drop leaked references to
        config items (bsc#1051510).
    
      - usb: gadget: uvc: configfs: Prevent format changes after
        linking header (bsc#1051510).
    
      - usb: gadget: uvc: Factor out video USB request queueing
        (bsc#1051510).
    
      - usb: gadget: uvc: Only halt video streaming endpoint in
        bulk mode (bsc#1051510).
    
      - USBIP: add config dependency for SGL_ALLOC (git-fixes).
    
      - usbip: Fix free of unallocated memory in vhci tx
        (git-fixes).
    
      - usbip: Fix vhci_urb_enqueue() URB null transfer buffer
        error path (git-fixes).
    
      - usbip: Implement SG support to vhci-hcd and stub driver
        (git-fixes).
    
      - usbip: tools: fix fd leakage in the function of
        read_attr_usbip_status (git-fixes).
    
      - USB: misc: appledisplay: fix backlight update_status
        return code (bsc#1051510).
    
      - usb-serial: cp201x: support Mark-10 digital force gauge
        (bsc#1051510).
    
      - USB: serial: mos7720: fix remote wakeup (git-fixes).
    
      - USB: serial: mos7840: add USB ID to support Moxa UPort
        2210 (bsc#1051510).
    
      - USB: serial: mos7840: fix remote wakeup (git-fixes).
    
      - USB: serial: option: add support for DW5821e with eSIM
        support (bsc#1051510).
    
      - USB: serial: option: add support for Foxconn T77W968 LTE
        modules (bsc#1051510).
    
      - usb: xhci-mtk: fix ISOC error when interval is zero
        (bsc#1051510).
    
      - vfio-ccw: Fix misleading comment when setting
        orb.cmd.c64 (bsc#1051510).
    
      - vfio: ccw: push down unsupported IDA check (bsc#1156471
        LTC#182362).
    
      - vfio-ccw: Set pa_nr to 0 if memory allocation fails for
        pa_iova_pfn (bsc#1051510).
    
      - video/hdmi: Fix AVI bar unpack (git-fixes).
    
      - virtio_console: allocate inbufs in add_port() only if it
        is needed (git-fixes).
    
      - virtio_ring: fix return code on DMA mapping fails
        (git-fixes).
    
      - virtio/s390: fix race on airq_areas (bsc#1051510).
    
      - vmxnet3: turn off lro when rxcsum is disabled
        (bsc#1157499).
    
      - vsock/virtio: fix sock refcnt holding during the
        shutdown (git-fixes).
    
      - watchdog: meson: Fix the wrong value of left time
        (bsc#1051510).
    
      - wil6210: drop Rx multicast packets that are looped-back
        to STA (bsc#1111666).
    
      - wil6210: fix debugfs memory access alignment
        (bsc#1111666).
    
      - wil6210: fix invalid memory access for rx_buff_mgmt
        debugfs (bsc#1111666).
    
      - wil6210: fix L2 RX status handling (bsc#1111666).
    
      - wil6210: fix locking in wmi_call (bsc#1111666).
    
      - wil6210: fix RGF_CAF_ICR address for Talyn-MB
        (bsc#1111666).
    
      - wil6210: prevent usage of tx ring 0 for eDMA
        (bsc#1111666).
    
      - wil6210: set edma variables only for Talyn-MB devices
        (bsc#1111666).
    
      - x86/alternatives: Add int3_emulate_call() selftest
        (bsc#1153811).
    
      - x86/alternatives: Fix int3_emulate_call() selftest stack
        corruption (bsc#1153811).
    
      - x86/mm/pkeys: Fix typo in
        Documentation/x86/protection-keys.txt (bsc#1078248).
    
      - x86/mm/pkeys: Fix typo in
        Documentation/x86/protection-keys.txt (FATE#322447,
        bsc#1078248).
    
      - x86/pkeys: Update documentation about availability
        (bsc#1078248).
    
      - x86/pkeys: Update documentation about availability
        (FATE#322447, bsc#1078248).
    
      - x86/resctrl: Fix potential lockdep warning
        (bsc#1114279).
    
      - x86/resctrl: Prevent NULL pointer dereference when
        reading mondata (bsc#1114279).
    
      - x86/speculation/taa: Fix printing of TAA_MSG_SMT on
        IBRS_ALL CPUs (bsc#1158068).
    
      - xfrm: fix sa selector validation (bsc#1156609).
    
      - xfrm: Fix xfrm sel prefix length validation (git-fixes).
    
      - xfs: Sanity check flags of Q_XQUOTARM call
        (bsc#1158652).
    
      - xsk: Fix registration of Rx-only sockets (bsc#1109837).
    
      - xsk: relax UMEM headroom alignment (bsc#1109837)."
      );
      # Reference links: this call and the see_also calls that follow each
      # register one openSUSE Bugzilla URL. The IDs visible here, such as
      # 1051510 and 1071995, appear as bsc# numbers in the description text
      # above. Many of those changelog entries are routine fixes (typo,
      # kerneldoc and compiler-warning changes), so a link in this list does
      # not by itself identify a security issue.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1078248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1091041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1108043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1140948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141054"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1146544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1151067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1151548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1151900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1153628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1153811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1155689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1155897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1155921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156258"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157044"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157908"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158398"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158637"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158639"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158652"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Detection logic for the openSUSE 15.1 kernel update. It is a local check that
    # works only from knowledge-base (KB) items and package versions.
    # audit() comes from audit.inc (not shown); presumably it records the reason
    # and ends the script -- confirm against that include.
    # Gate 1: local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Gate 2: a missing release string, or one starting with SLED/SLES, is audited as "not openSUSE".
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Gate 3: only the exact release string SUSE15.1 is in scope.
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    # Gate 4: the collected RPM list must be present in the KB.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 5: the architecture must be known and must be exactly x86_64.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    # flag counts the rpm_check() calls below that return true.
    flag = 0;
    
    # One rpm_check() per package of the update, all pinned to 4.12.14-lp151.28.36.1.
    # NOTE(review): rpm_check() lives in rpm.inc (not shown). Presumably it compares
    # the installed RPM list (Host/SuSE/rpm-list) with the reference version, so the
    # result describes installed packages, not the running kernel -- confirm, and
    # verify separately that the host was rebooted into the fixed kernel.
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debugsource-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debugsource-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-devel-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-docs-html-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debugsource-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-macros-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-debugsource-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-qa-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-vanilla-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-syms-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debugsource-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-4.12.14-lp151.28.36.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.36.1") ) flag++;
    
    # Any hit is reported through security_hole() on port 0. The per-package
    # detail from rpm_report_get() is attached only when report_verbosity > 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: pkg_tests_get() (rpm.inc, not shown) presumably returns the packages
      # that were actually compared. A non-empty result is audited as "not affected",
      # an empty one as "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-2522.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2522 advisory. - kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-12
    modified: 2020-06-11
    plugin id: 137363
    published: 2020-06-11
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137363
    title: RHEL 7 : kernel (RHSA-2020:2522)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2522. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    # Metadata branch: taken when `description` is set. It only declares plugin
    # attributes and ends with exit(0), so none of the detection code further down
    # runs in this mode.
    if (description)
    {
      script_id(137363);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/17");
    
      # Every CVE covered by the advisory. CVE-2019-15916 is one of twelve, so a
      # finding from this plugin means the advisory's packages are missing; it does
      # not single out any one CVE.
      script_cve_id(
        "CVE-2017-18595",
        "CVE-2018-7191",
        "CVE-2018-20169",
        "CVE-2019-3901",
        "CVE-2019-9503",
        "CVE-2019-10639",
        "CVE-2019-12382",
        "CVE-2019-13233",
        "CVE-2019-14283",
        "CVE-2019-15916",
        "CVE-2019-19768",
        "CVE-2020-10711"
      );
      script_bugtraq_id(
        89937,
        108011,
        108380,
        108474,
        109055
      );
      script_xref(name:"RHSA", value:"2020:2522");
    
      script_name(english:"RHEL 7 : kernel (RHSA-2020:2522)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      # Advisory text. Its closing note says the issue itself was not tested and
      # the result rests on the self-reported version.
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:2522 advisory.
    
      - kernel: double free may be caused by the function
        allocate_trace_buffer in the file kernel/trace/trace.c
        (CVE-2017-18595)
    
      - kernel: usb: missing size check in the
        __usb_get_extra_descriptor() leading to DoS
        (CVE-2018-20169)
    
      - kernel: denial of service via ioctl call in network tun
        handling (CVE-2018-7191)
    
      - Kernel: net: using kernel space address bits to derive
        IP ID may potentially break KASLR (CVE-2019-10639)
    
      - kernel: unchecked kstrdup of fwstr in
        drm_load_edid_firmware leads to denial of service
        (CVE-2019-12382)
    
      - kernel: use-after-free in arch/x86/lib/insn-eval.c
        (CVE-2019-13233)
    
      - kernel: integer overflow and OOB read in
        drivers/block/floppy.c (CVE-2019-14283)
    
      - kernel: memory leak in register_queue_kobjects() in
        net/core/net-sysfs.c leads to denial of service
        (CVE-2019-15916)
    
      - kernel: use-after-free in __blk_add_trace in
        kernel/trace/blktrace.c (CVE-2019-19768)
    
      - kernel: perf_event_open() and execve() race in setuid
        programs allows a data leak (CVE-2019-3901)
    
      - kernel: brcmfmac frame validation bypass (CVE-2019-9503)
    
      - Kernel: NetLabel: null pointer dereference while
        receiving CIPSO packet with null category may cause
        kernel panic (CVE-2020-10711)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      # CWE references; 416, 476 and 400 appear more than once in this list.
      # script_cwe_id() further down lists each id once.
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/253.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/190.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/125.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/362.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/476.html");
      # Vendor advisory, one vendor CVE page per CVE, then the vendor bug tracker entries.
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2522");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2017-18595");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-20169");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-7191");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-10639");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-12382");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-13233");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-14283");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-15916");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19768");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-3901");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-9503");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-10711");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1660385");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1701245");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1701842");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1715554");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1716328");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1727756");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1729933");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1734243");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1750813");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758671");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1786164");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1825116");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      # Severity for the advisory as a whole. cvss_score_source below names
      # CVE-2019-9503, so these vectors presumably describe that CVE rather than
      # CVE-2019-15916; score each CVE from its own record when triaging.
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9503");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(20, 125, 190, 200, 253, 362, 400, 416, 476, 787);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/11");
    
      # Declared as a local check. The CPE list names the OS streams and the
      # packages the advisory covers.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.7::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.7::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Scripts and KB keys this plugin depends on; the detection code below reads
      # the same four keys.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    include('ksplice.inc');
    
    # Detection logic for RHSA-2020:2522. It is a local check that works only from
    # knowledge-base (KB) items and package versions.
    # audit() comes from audit.inc (not shown); presumably it records the reason
    # and ends the script -- confirm against that include.
    # Gate 1: local checks must be enabled for this host.
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    # Gate 2: the release string must exist and contain 'Red Hat' (`>!<` is "not a substring of").
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    # Gate 3: extract "major" or "major.minor" from the release string; only 7.7 is in scope.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);
    
    # Gate 4: the collected RPM list must be present in the KB.
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 5: architecture. NOTE(review): this gate also admits i386-i686 and
    # aarch64, but every arch-specific entry in pkgs below is s390x or x86_64.
    # On the other architectures only the arch-less kernel-abi-whitelists entry
    # looks applicable -- confirm how rpm_check() treats the cpu argument.
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    # Live-patch handling: when the KB carries Ksplice kernel CVE data, the
    # 'Host/uptrack-uname-r' item is removed and the advisory's CVE list is passed
    # to ksplice_cves_check() (ksplice.inc, not shown). A true result is audited as
    # "patch installed". Otherwise __rpm_report is set to the Ksplice text;
    # presumably that is the buffer rpm_report_get() returns later (confirm in rpm.inc).
    if (get_one_kb_item('Host/ksplice/kernel-cves'))
    {
      rm_kb_item(name:'Host/uptrack-uname-r');
      cve_list = make_list('CVE-2017-18595', 'CVE-2018-7191', 'CVE-2018-20169', 'CVE-2019-3901', 'CVE-2019-9503', 'CVE-2019-10639', 'CVE-2019-12382', 'CVE-2019-13233', 'CVE-2019-14283', 'CVE-2019-15916', 'CVE-2019-19768', 'CVE-2020-10711');
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:2522');
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    # Package versions used as the reference for the comparison, all at
    # 3.10.0-1062.26.1.el7. Entries without a 'cpu' key carry no architecture constraint here.
    pkgs = [
        {'reference':'bpftool-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'bpftool-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-abi-whitelists-3.10.0-1062.26.1.el7', 'sp':'7', 'release':'7'},
        {'reference':'kernel-debug-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-debug-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-debug-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-debug-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-headers-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-headers-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-kdump-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-kdump-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'kernel-tools-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-tools-libs-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'kernel-tools-libs-devel-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'},
        {'reference':'python-perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'s390x', 'release':'7'},
        {'reference':'python-perf-3.10.0-1062.26.1.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7'}
    ];
    
    # flag counts the rpm_check() calls that return true.
    flag = 0;
    foreach package_array ( pkgs ) {
      # Reset every per-entry argument so a key missing from one entry does not
      # inherit the previous entry's value. `release` and `cpu` re-use the names of
      # the host values read above and overwrite them; those host values are not
      # read again after this point.
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      # The entry's 'release' value is prefixed with 'RHEL' before being passed on.
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      # NOTE(review): rpm_check() lives in rpm.inc (not shown). Presumably it compares
      # the installed RPM list with the reference, so the result describes installed
      # packages, not the running kernel -- confirm, and verify the reboot separately.
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    # Any hit is reported once on port 0 with severity SECURITY_HOLE. The report
    # body is the RPM comparison text followed by redhat_report_package_caveat().
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      # No hit: pkg_tests_get() (rpm.inc, not shown) presumably returns the packages
      # that were actually compared. A non-empty result is audited as "not affected",
      # an empty one as "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3317-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). 
CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304). CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032). 
CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045). 
CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). 
CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c (bnc#1157049). CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption). 
This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c (bnc#1157046). CVE-2019-15916: An issue was discovered in the Linux kernel. There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-0154: Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel. There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). 
The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132237
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132237
    title: SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3317-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132237);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/20");
    
      script_cve_id("CVE-2019-0154", "CVE-2019-14895", "CVE-2019-14901", "CVE-2019-15916", "CVE-2019-16231", "CVE-2019-17055", "CVE-2019-18660", "CVE-2019-18683", "CVE-2019-18805", "CVE-2019-18809", "CVE-2019-19046", "CVE-2019-19049", "CVE-2019-19052", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19060", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19068", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19075", "CVE-2019-19077", "CVE-2019-19078", "CVE-2019-19080", "CVE-2019-19081", "CVE-2019-19082", "CVE-2019-19083", "CVE-2019-19227", "CVE-2019-19524", "CVE-2019-19525", "CVE-2019-19528", "CVE-2019-19529", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19534", "CVE-2019-19536", "CVE-2019-19543");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-19531: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/yurex.c driver
    (bnc#1158445).
    
    CVE-2019-19543: There was a use-after-free in serial_ir_init_module()
    in drivers/media/rc/serial_ir.c (bnc#1158427).
    
    CVE-2019-19525: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/ieee802154/atusb.c driver
    (bnc#1158417).
    
    CVE-2019-19530: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/class/cdc-acm.c driver
    (bnc#1158410).
    
    CVE-2019-19536: There was an info-leak bug that can be caused by a
    malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).
    
    CVE-2019-19524: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/input/ff-memless.c driver
    (bnc#1158413).
    
    CVE-2019-19528: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/iowarrior.c driver
    (bnc#1158407).
    
    CVE-2019-19534: There was an info-leak bug that can be caused by a
    malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).
    
    CVE-2019-19529: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/mcba_usb.c driver
    (bnc#1158381).
    
    CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in
    Marvell WiFi chip driver. The vulnerability allowed a remote attacker
    to cause a system crash, resulting in a denial of service, or execute
    arbitrary code. The highest threat with this vulnerability is with the
    availability of the system. If code execution occurs, the code will
    run with the permissions of root. This will affect both
    confidentiality and integrity of files on the system (bnc#1157042).
    
    CVE-2019-14895: A heap-based buffer overflow was discovered in the
    Linux kernel in Marvell WiFi chip driver. The flaw could occur when
    the station attempts a connection negotiation during the handling of
    the remote devices country settings. This could have allowed the
    remote device to cause a denial of service (system crash) or possibly
    execute arbitrary code (bnc#1157158).
    
    CVE-2019-18660: The Linux kernel on powerpc allowed Information
    Exposure because the Spectre-RSB mitigation is not in place for all
    applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and
    arch/powerpc/kernel/security.c (bnc#1157038).
    
    CVE-2019-18683: An issue was discovered in
    drivers/media/platform/vivid in the Linux kernel. It is exploitable
    for privilege escalation on some Linux distributions where local users
    have /dev/video0 access, but only if the driver happens to be loaded.
    There are multiple race conditions during streaming stopping in this
    driver (part of the V4L2 subsystem). These issues are caused by wrong
    mutex locking in vivid_stop_generating_vid_cap(),
    vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the
    corresponding kthreads. At least one of these race conditions leads to
    a use-after-free (bnc#1155897).
    
    CVE-2019-18809: A memory leak in the af9005_identify_state() function
    in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1156258).
    
    CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in
    drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering ida_simple_get() failure (bnc#1157304).
    
    CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function
    in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering usb_submit_urb() failures (bnc#1157032).
    
    CVE-2019-19062: A memory leak in the crypto_report() function in
    crypto/crypto_user_base.c in the Linux kernel allowed attackers to
    cause a denial of service (memory consumption) by triggering
    crypto_report_alg() failures (bnc#1157333).
    
    CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring()
    function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux
    kernel allowed attackers to cause a denial of service (memory
    consumption) by triggering mwifiex_map_pci_memory() failures
    (bnc#1157197).
    
    CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()
    function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux
    kernel allowed attackers to cause a denial of service (memory
    consumption) by triggering mwifiex_map_pci_memory() failures
    (bnc#1157197).
    
    CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb()
    function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in
    the Linux kernel allowed attackers to cause a denial of service
    (memory consumption) by triggering usb_submit_urb() failures
    (bnc#1157307).
    
    CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in
    drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1157298).
    
    CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there
    was a potential NULL pointer dereference because register_snap_client
    may return NULL. This will lead to denial of service in
    net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by
    unregister_snap_client (bnc#1157678).
    
    CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs()
    function in drivers/net/ethernet/netronome/nfp/flower/main.c in the
    Linux kernel allowed attackers to cause a denial of service (memory
    consumption) (bnc#1157045).
    
    CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs()
    function in drivers/net/ethernet/netronome/nfp/flower/main.c in the
    Linux kernel allowed attackers to cause a denial of service (memory
    consumption) (bnc#1157044).
    
    CVE-2019-19065: A memory leak in the sdma_init() function in
    drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering rhashtable_init() failures (bnc#1157191).
    
    CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in
    drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering copy to udata failures (bnc#1157171).
    
    CVE-2019-19052: A memory leak in the gs_can_open() function in
    drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to
    cause a denial of service (memory consumption) by triggering
    usb_submit_urb() failures (bnc#1157324).
    
    CVE-2019-19067: Four memory leaks in the acp_hw_init() function in
    drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures
    (bsc#1157180).
    
    CVE-2019-19060: A memory leak in the adis_update_scan_mode() function
    in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers
    to cause a denial of service (memory consumption) (bnc#1157178).
    
    CVE-2019-19049: A memory leak in the unittest_data_add() function in
    drivers/of/unittest.c in the Linux kernel allowed attackers to cause a
    denial of service (memory consumption) by triggering
    of_fdt_unflatten_tree() failures (bsc#1157173).
    
    CVE-2019-19075: A memory leak in the ca8210_probe() function in
    drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers
    to cause a denial of service (memory consumption) by triggering
    ca8210_get_platform_data() failures (bnc#1157162).
    
    CVE-2019-19058: A memory leak in the alloc_sgtable() function in
    drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel
    allowed attackers to cause a denial of service (memory consumption) by
    triggering alloc_page() failures (bnc#1157145).
    
    CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in
    drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1157143).
    
    CVE-2019-19073: Memory leaks in
    drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering wait_for_completion_timeout() failures. This affects the
    htc_config_pipe_credits() function, the htc_setup_complete() function,
    and the htc_connect_service() function (bnc#1157070).
    
    CVE-2019-19083: Memory leaks in *clock_source_create() functions under
    drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers
    to cause a denial of service (memory consumption). This affects the
    dce112_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the
    dce100_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the
    dcn10_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the
    dcn20_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the
    dce120_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the
    dce110_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the
    dce80_clock_source_create() function in
    drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c (bnc#1157049).
    
    CVE-2019-19082: Memory leaks in *create_resource_pool() functions
    under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption). This
    affects the dce120_create_resource_pool() function in
    drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the
    dce110_create_resource_pool() function in
    drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the
    dce100_create_resource_pool() function in
    drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the
    dcn10_create_resource_pool() function in
    drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the
    dce112_create_resource_pool() function in
    drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c (bnc#1157046).
    
    CVE-2019-15916: An issue was discovered in the Linux kernel There was
    a memory leak in register_queue_kobjects() in net/core/net-sysfs.c,
    which will cause denial of service (bnc#1149448).
    
    CVE-2019-0154: Insufficient access control in subsystem for Intel (R)
    processor graphics in 6th, 7th, 8th and 9th Generation Intel(R)
    Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,
    Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and
    G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)
    Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may
    have allowed an authenticated user to potentially enable denial of
    service via local access (bnc#1135966).
    
    CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel
    5.2.14 did not check the alloc_workqueue return value, leading to a
    NULL pointer dereference (bnc#1150466).
    
    CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c
    in the Linux kernel There was a net/ipv4/tcp_input.c signed integer
    overflow in tcp_ack_update_rtt() when userspace writes a very large
    integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of
    service or possibly unspecified other impact (bnc#1156187).
    
    CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the
    AF_ISDN network module in the Linux kernel did not enforce
    CAP_NET_RAW, which means that unprivileged users can create a raw
    socket (bnc#1152782).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103991"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104353"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1118661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134983"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135966"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154124"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155692"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156258"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157044"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157908"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158398"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14895/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14901/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15916/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16231/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17055/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18660/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18683/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18805/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18809/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19046/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19049/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19052/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19057/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19058/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19060/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19062/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19063/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19065/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19067/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19077/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19078/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19081/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19082/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19083/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19227/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19524/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19528/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19530/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19534/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19543/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?821143ca"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise Module for Live Patching 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise Module for Legacy Software 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise Module for Development Tools 15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-3317=1
    
    SUSE Linux Enterprise High Availability 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-3317=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-livepatch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Precondition gates: every failed check hands control to audit() with a
    # reason code, so the package comparison further down is only reached on
    # a host this advisory actually targets.
    # Local (credentialed) checks must be enabled, since the verdict is based
    # on data collected from the host itself.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # The release string must be present and start with SLED or SLES.
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Capture the product plus major version prefix (e.g. "SLES15") from the release string.
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    # Keep only the first capture group from the match result.
    os_ver = os_ver[1];
    # This advisory is scoped to SLED15 / SLES15; any other major version is audited out.
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    # The installed-RPM inventory must be in the KB (presumably stored by the
    # ssh_get_info.nasl dependency - confirm); without it the rpm_check() calls
    # below have nothing to compare against, so the plugin audits out rather
    # than reporting the host as unaffected.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only i386-i686, x86_64 and s390x are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # The i?86 test is an anchored regex; x86_64 and s390x are substring tests
    # (">!<" is true when the left string does not occur in the right one).
    # Any other architecture is audited out as "local checks not implemented",
    # which is not a statement that the host is patched.
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # Service-pack gate: a missing patchlevel KB item is treated as SP "0".
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    # Only SP1 of SLES15 / SLED15 is evaluated. Hosts on any other service
    # pack are audited out as "OS not SLES15 SP1 / SLED15 SP1", so this plugin
    # gives no verdict for them; coverage for those service packs has to come
    # from the advisory plugin that targets them.
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-debug-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-default-livepatch-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-man-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-default-man-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-qa-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-vanilla-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kselftests-kmp-default-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kselftests-kmp-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"reiserfs-kmp-default-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"reiserfs-kmp-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-build-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-obs-build-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-syms-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"kernel-default-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-debug-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"kernel-kvmsmall-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-default-livepatch-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-man-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-default-man-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"s390x", reference:"kernel-zfcpdump-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-qa-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-vanilla-livepatch-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kselftests-kmp-default-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kselftests-kmp-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-build-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-obs-build-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-syms-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-base-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-base-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debuginfo-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-debugsource-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-devel-4.12.14-197.29.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"kernel-default-devel-debuginfo-4.12.14-197.29.1")) flag++;
    
    
    # Reporting stage. `flag` is incremented by every rpm_check() call above
    # that returns true and is only tested for non-zero here, so the exact
    # count (including the packages that are checked twice above) does not
    # change the outcome.
    # NOTE(review): presumably rpm_check() is true when the installed package
    # is older than `reference` -- confirm against the rpm include file.
    # NOTE(review): the visible checks compare installed package versions only;
    # nothing here inspects the running kernel, so a host that installed the
    # update but has not rebooted would presumably not be flagged -- confirm.
    if (flag)
    {
      # With report verbosity enabled, attach whatever rpm_report_get() returns
      # (presumably the per-package findings); otherwise report without detail.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing was flagged. pkg_tests_get() separates the two clean outcomes:
      # a non-empty result is audited as "not affected", an empty one as the
      # "kernel" package not being installed.
      # NOTE(review): presumably it lists the packages actually compared -- confirm.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3316-1.NASL
    description: The SUSE Linux Enterprise 12 SP4 kernel-azure was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2019-19051: A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827). CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904). CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834). CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445).
CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. 
This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). 
CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). 
CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). CVE-2019-15916: An issue was discovered in the Linux kernel. There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-0154: Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966).
CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132236
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132236
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3316-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132236);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/20");
    
      script_cve_id("CVE-2019-0154", "CVE-2019-14895", "CVE-2019-14901", "CVE-2019-15213", "CVE-2019-15916", "CVE-2019-16231", "CVE-2019-18660", "CVE-2019-18683", "CVE-2019-18809", "CVE-2019-19049", "CVE-2019-19051", "CVE-2019-19052", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19060", "CVE-2019-19062", "CVE-2019-19063", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19068", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19075", "CVE-2019-19077", "CVE-2019-19227", "CVE-2019-19332", "CVE-2019-19338", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19525", "CVE-2019-19526", "CVE-2019-19527", "CVE-2019-19528", "CVE-2019-19529", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19532", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19535", "CVE-2019-19536", "CVE-2019-19537", "CVE-2019-19543");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP4 kernel-azure was updated to receive
    various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-19051: There was a memory leak in the
    i2400m_op_rfkill_sw_toggle() function in
    drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1159024).
    
    CVE-2019-19338: There was an incomplete fix for Transaction
    Asynchronous Abort (TAA) (bnc#1158954).
    
    CVE-2019-19332: There was an OOB memory write via
    kvm_dev_ioctl_get_cpuid (bnc#1158827).
    
    CVE-2019-19537: There was a race condition bug that can be caused by a
    malicious USB device in the USB character device driver layer
    (bnc#1158904).
    
    CVE-2019-19535: There was an info-leak bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c
    driver (bnc#1158903).
    
    CVE-2019-19527: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/hid/usbhid/hiddev.c driver
    (bnc#1158900).
    
    CVE-2019-19526: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/nfc/pn533/usb.c driver
    (bnc#1158893).
    
    CVE-2019-19533: There was an info-leak bug that can be caused by a
    malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c
    driver (bnc#1158834).
    
    CVE-2019-19532: There were multiple out-of-bounds write bugs that can
    be caused by a malicious USB device in the Linux kernel HID drivers
    (bnc#1158824).
    
    CVE-2019-19523: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/adutux.c driver, aka
    CID-44efc269db79 (bnc#1158381 1158823 1158834).
    
    CVE-2019-15213: There was a use-after-free caused by a malicious USB
    device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver
    (bnc#1146544).
    
    CVE-2019-19531: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/yurex.c driver
    (bnc#1158445).
    
    CVE-2019-19543: There was a use-after-free in serial_ir_init_module()
    in drivers/media/rc/serial_ir.c (bnc#1158427).
    
    CVE-2019-19525: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/ieee802154/atusb.c driver
    (bnc#1158417).
    
    CVE-2019-19530: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/class/cdc-acm.c driver
    (bnc#1158410).
    
    CVE-2019-19536: There was an info-leak bug that can be caused by a
    malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394).
    
    CVE-2019-19524: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/input/ff-memless.c driver
    (bnc#1158413).
    
    CVE-2019-19528: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/usb/misc/iowarrior.c driver
    (bnc#1158407).
    
    CVE-2019-19534: There was an info-leak bug that can be caused by a
    malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398).
    
    CVE-2019-19529: There was a use-after-free bug that can be caused by a
    malicious USB device in the drivers/net/can/usb/mcba_usb.c driver
    (bnc#1158381).
    
    CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in
    Marvell WiFi chip driver. The vulnerability allowed a remote attacker
    to cause a system crash, resulting in a denial of service, or execute
    arbitrary code. The highest threat with this vulnerability is with the
    availability of the system. If code execution occurs, the code will
    run with the permissions of root. This will affect both
    confidentiality and integrity of files on the system (bnc#1157042).
    
    CVE-2019-14895: A heap-based buffer overflow was discovered in the
    Linux kernel in Marvell WiFi chip driver. The flaw could occur when
    the station attempts a connection negotiation during the handling of
    the remote devices country settings. This could have allowed the
    remote device to cause a denial of service (system crash) or possibly
    execute arbitrary code (bnc#1157158).
    
    CVE-2019-18660: The Linux kernel on powerpc allowed Information
    Exposure because the Spectre-RSB mitigation is not in place for all
    applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and
    arch/powerpc/kernel/security.c (bnc#1157038).
    
    CVE-2019-18683: An issue was discovered in
    drivers/media/platform/vivid in the Linux kernel. It is exploitable
    for privilege escalation on some Linux distributions where local users
    have /dev/video0 access, but only if the driver happens to be loaded.
    There are multiple race conditions during streaming stopping in this
    driver (part of the V4L2 subsystem). These issues are caused by wrong
    mutex locking in vivid_stop_generating_vid_cap(),
    vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the
    corresponding kthreads. At least one of these race conditions leads to
    a use-after-free (bnc#1155897).
    
    CVE-2019-18809: A memory leak in the af9005_identify_state() function
    in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1156258).
    
    CVE-2019-19062: A memory leak in the crypto_report() function in
    crypto/crypto_user_base.c in the Linux kernel allowed attackers to
    cause a denial of service (memory consumption) by triggering
    crypto_report_alg() failures (bnc#1157333).
    
    CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring()
    function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux
    kernel allowed attackers to cause a denial of service (memory
    consumption) by triggering mwifiex_map_pci_memory() failures
    (bnc#1157197).
    
    CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()
    function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux
    kernel allowed attackers to cause a denial of service (memory
    consumption) by triggering mwifiex_map_pci_memory() failures
    (bnc#1157197).
    
    CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb()
    function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in
    the Linux kernel allowed attackers to cause a denial of service
    (memory consumption) by triggering usb_submit_urb() failures
    (bnc#1157307).
    
    CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in
    drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1157298).
    
    CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there
    was a potential NULL pointer dereference because register_snap_client
    may return NULL. This will lead to denial of service in
    net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by
    unregister_snap_client (bnc#1157678).
    
    CVE-2019-19065: A memory leak in the sdma_init() function in
    drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering rhashtable_init() failures (bnc#1157191).
    
    CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in
    drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering copy to udata failures (bnc#1157171).
    
    CVE-2019-19052: A memory leak in the gs_can_open() function in
    drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to
    cause a denial of service (memory consumption) by triggering
    usb_submit_urb() failures (bnc#1157324).
    
    CVE-2019-19067: Four memory leaks in the acp_hw_init() function in
    drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption) by
    triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures
    (bsc#1157180).
    
    CVE-2019-19060: A memory leak in the adis_update_scan_mode() function
    in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers
    to cause a denial of service (memory consumption) (bnc#1157178).
    
    CVE-2019-19049: A memory leak in the unittest_data_add() function in
    drivers/of/unittest.c in the Linux kernel allowed attackers to cause a
    denial of service (memory consumption) by triggering
    of_fdt_unflatten_tree() failures (bsc#1157173).
    
    CVE-2019-19075: A memory leak in the ca8210_probe() function in
    drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers
    to cause a denial of service (memory consumption) by triggering
    ca8210_get_platform_data() failures (bnc#1157162).
    
    CVE-2019-19058: A memory leak in the alloc_sgtable() function in
    drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel
    allowed attackers to cause a denial of service (memory consumption) by
    triggering alloc_page() failures (bnc#1157145).
    
    CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in
    drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed
    attackers to cause a denial of service (memory consumption)
    (bnc#1157143).
    
    CVE-2019-19073: Fixed memory leaks in
    drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a
    denial of service (memory consumption) by triggering
    wait_for_completion_timeout() failures (bnc#1157070).
    
    CVE-2019-15916: An issue was discovered in the Linux kernel There was
    a memory leak in register_queue_kobjects() in net/core/net-sysfs.c,
    which will cause denial of service (bnc#1149448).
    
    CVE-2019-0154: Insufficient access control in subsystem for Intel (R)
    processor graphics in 6th, 7th, 8th and 9th Generation Intel(R)
    Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N,
    Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and
    G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R)
    Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may
    have allowed an authenticated user to potentially enable denial of
    service via local access (bnc#1135966).
    
    CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel
    5.2.14 did not check the alloc_workqueue return value, leading to a
    NULL pointer dereference (bnc#1150466).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051510"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1078248"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082635"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1083647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1091041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1113722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1115026"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135966"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1138039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1142095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1143706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146519"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1146544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1150466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151548"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152631"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153811"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154124"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154355"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1155921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156258"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156466"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156494"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157184"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157193"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1157908"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158394"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158398"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158413"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158417"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158637"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158639"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158649"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158823"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158824"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158834"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158954"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-0154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14895/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14901/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15213/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15916/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16231/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18660/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18683/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-18809/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19049/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19052/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19056/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19057/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19058/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19060/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19062/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19063/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19065/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19067/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19068/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19073/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19077/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19227/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19332/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19338/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19523/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19524/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19526/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19528/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19530/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19532/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19534/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19543/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?995e0aad"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-3316=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating for the SUSE check. Each audit() call below is expected to end
    # the script with the given reason (audit.inc is not shown here), so the order
    # of these tests decides which reason a non-applicable host is reported with.

    # Local checks must have been enabled for this host in the knowledge base (KB).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Only release strings that start with SLED or SLES are handled.
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Reduce the release string to its leading "SLES<n>" / "SLED<n>" part.
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLES12 is in scope for this plugin.
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    # The package comparison later in the script needs the RPM list stored in the KB.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # First test: architectures other than i386-i686, x86_64 and s390x have no local checks.
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    # Second test: of those, only x86_64 continues.
    # NOTE(review): the operands are reversed relative to the line above
    # ("x86_64" >!< cpu); for cpu == "x86_64" both forms agree - confirm the order is intended.
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    # A missing patchlevel in the KB is treated as service pack "0".
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    # Only SLES12 SP4 is covered; any other service pack is audited out.
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    
    
    # Reference builds checked on SLES12 SP4 / x86_64. Every entry is passed to
    # rpm_check() in this order; flag counts the entries it reports.
    # NOTE(review): the inputs visible in this script are the KB keys read above
    # (Host/SuSE/rpm-list is required before this point); nothing here reads the
    # running kernel version, so a host with the fixed packages installed but not
    # yet rebooted would presumably not be flagged - confirm against rpm.inc.
    pkg_refs = make_list(
      "kernel-azure-4.12.14-6.34.1",
      "kernel-azure-base-4.12.14-6.34.1",
      "kernel-azure-base-debuginfo-4.12.14-6.34.1",
      "kernel-azure-debuginfo-4.12.14-6.34.1",
      "kernel-azure-debugsource-4.12.14-6.34.1",
      "kernel-azure-devel-4.12.14-6.34.1",
      "kernel-syms-azure-4.12.14-6.34.1"
    );

    flag = 0;
    foreach pkg_ref (pkg_refs)
    {
      if (rpm_check(release:"SLES12", sp:"4", cpu:"x86_64", reference:pkg_ref)) flag++;
    }


    if (!flag)
    {
      # Nothing flagged: report which packages were tested, or that none of them is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    else
    {
      # At least one package was flagged: raise the finding, with the RPM report
      # attached when report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-4836.NASL
    description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130994
    published: 2019-11-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130994
    title: Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4836)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from Oracle Linux
    # Security Advisory ELSA-2019-4836.
    #
    
    include("compat.inc");
    
    # Metadata branch: when `description` is set, the script only declares its
    # identity, references, scoring and prerequisites, then leaves through the
    # exit(0) at the end of this block. The actual check follows the block.
    if (description)
    {
      script_id(130994);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17");
    
      # One plugin covers four CVEs; a finding does not say which of them applies.
      script_cve_id("CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14284", "CVE-2019-15916");
      script_xref(name:"IAVA", value:"2020-A-0325");
    
      script_name(english:"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4836)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Oracle Linux host is missing a security update for
    the Unbreakable Enterprise kernel package(s)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009323.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      # The four CVSS vectors below are attributed to CVE-2019-11135 by the
      # cvss_score_source attribute. They are not a per-CVE rating for the other
      # IDs in script_cve_id (CVE-2019-15916 included), so triage each CVE on its
      # own score rather than on this plugin's vectors.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11135");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a local check; the CPE entries name the packages and OS it applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/14");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Prerequisites: the two listed plugins are declared as dependencies, and
      # the four KB keys below are required for this script.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    # Host gating for the Oracle Linux check. Each audit() call below is expected
    # to end the script with the given reason (audit.inc is not shown here), so the
    # order of these tests decides which reason a non-applicable host is reported with.

    # Local checks must be enabled and the host must be marked as Oracle Linux in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    # The release string itself must also name Oracle Linux Server or Oracle Enterprise Linux.
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture the numeric release (major, optionally .minor) that follows "release".
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Only major release 7 is in scope; the pattern rejects values such as 70 or 71.
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    # The package comparison later in the script needs the RPM list stored in the KB.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # First test: architectures other than x86_64 and i386-i686 have no local checks.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    # Second test: of those, only x86_64 continues.
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    # Ksplice path, taken only when the KB holds Host/ksplice/kernel-cves.
    # The advisory's CVE list is handed to ksplice_cves_check(): a true result
    # audits the host out as patched by a KSplice hotfix, otherwise the text from
    # ksplice_reporting_text() is stored in __rpm_report and the script goes on to
    # the package comparison.
    # NOTE(review): presumably true means every listed CVE is covered by a live
    # patch - the helper lives in ksplice.inc, which is not shown; confirm.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14284", "CVE-2019-15916");
      if (!ksplice_cves_check(cve_list))
        __rpm_report = ksplice_reporting_text();
      else
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-4836");
    }
    
    # Only hosts whose running kernel level (KB key Host/uname/major_minor) is
    # 4.14 continue. A host on any other kernel level is audited out here, before
    # the package comparison, even if kernel-uek 4.14.35 packages are installed.
    expected_kernel_major_minor = "4.14";
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    if (kernel_major_minor != expected_kernel_major_minor)
    {
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    }
    
    # Compare the installed UEK packages with the reference builds of
    # ELSA-2019-4836. rpm_check() is reached only for a package whose 4.14.35
    # series is reported by rpm_exists(); flag counts the packages it reports.
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.14.35-1902.7.3.el7uek")) flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.14.35-1902.7.3.el7uek")) flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.14.35-1902.7.3.el7uek")) flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.14.35-1902.7.3.el7uek")) flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.14.35-1902.7.3.el7uek")) flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-tools-4.14.35"))
    {
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-tools-4.14.35-1902.7.3.el7uek")) flag++;
    }


    if (!flag)
    {
      # Nothing flagged: report which packages were tested, or that none of them is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    else
    {
      # At least one package was flagged. The finding is raised with
      # security_note(), the lowest of the note/warning/hole reporting calls,
      # although the plugin lists four CVEs; rate each CVE on its own score.
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2019-0056.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write (Shuning Zhang) [Orabug: 30036349] - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349] - SUNRPC: Remove xprt_connect_status (Trond Myklebust) [Orabug: 30165838] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838] - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] (CVE-2019-14835) - vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] (CVE-2019-14835) - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787] - array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787] - net: hsr: fix memory leak in hsr_dev_finalize (Mao Wenan) [Orabug: 30444853] (CVE-2019-16995) - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] (CVE-2019-17053) - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] (CVE-2019-17055) - net: sit: fix memory leak in sit_init_net (Mao Wenan) [Orabug: 30445305] (CVE-2019-16994) - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] (CVE-2019-15213) - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] (CVE-2019-15215) - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] (CVE-2019-15217) - target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766] - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766] - rds: Use correct conn when dropping connections due to cancel (Håkon Bugge) [Orabug: 30316058] - rds: ib: Optimize rds_ib_laddr_check (Håkon Bugge) [Orabug: 30327671] - rds: Bring loop-back peer down as well (Håkon Bugge) [Orabug: 30271704] - rds: ib: Avoid connect retry on loopback connections (Håkon Bugge) - rds: ib: Qualify CM REQ duplicate detection with connection being up (Håkon Bugge) [Orabug: 30062150] - rds: Further prioritize local loop-back connections (Håkon Bugge) - rds: Fix initial zero delay when queuing re-connect work (Håkon Bugge) - rds: Re-introduce separate work-queue for local connections (Håkon Bugge) [Orabug: 30062150] - rds: Re-factor and avoid superfluous queuing of shutdown work (Håkon Bugge) [Orabug: 29994551] - rds: ib: Flush ARP cache when connection attempt is rejected (Håkon Bugge) [Orabug: 29994550] - rds: ib: Fix incorrect setting of cp_reconnect_racing (Håkon Bugge) - RDMA/cma: Make # CM retries configurable (Håkon Bugge) [Orabug: 29994555] - rds: Re-factor and avoid superfluous queuing of reconnect work (Håkon Bugge) [Orabug: 29994558] - rds: ib: Correct the cm_id compare commit (Håkon Bugge) [Orabug: 29994560] - rds: Increase entropy in hashing (Håkon Bugge) [Orabug: 29994561] - rds: ib: Resurrect the CQs instead of delete+create (Håkon Bugge) - rds: Avoid queuing superfluous send and recv work (Håkon Bugge) - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] (CVE-2019-11135) - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135) - x86/tsx: Add
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131208
    published: 2019-11-22
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131208
    title: OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0056)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2019-0056.
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when `description` is true. It records the
    # plugin's identifiers, advisory text and scoring, then exits at the end of
    # the block, so none of the host checks further down run in that mode.
    if (description)
    {
      script_id(131208);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      # One plugin covers all twelve CVEs fixed by the advisory. The check further
      # down compares package versions only, so a finding is per package, not per
      # CVE.
      script_cve_id("CVE-2017-18551", "CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15916", "CVE-2019-16994", "CVE-2019-16995", "CVE-2019-17053", "CVE-2019-17055");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0056)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      # Advisory text as shipped. "H&aring kon" looks like a damaged HTML entity
      # for the "å" in the author's first name; it is left as is because it is
      # part of the string.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - ocfs2: protect extent tree in
        ocfs2_prepare_inode_for_write (Shuning Zhang) [Orabug:
        30036349]
    
      - ocfs2: direct-IO: protect get_blocks (Junxiao Bi)
        [Orabug: 30036349]
    
      - SUNRPC: Remove xprt_connect_status (Trond Myklebust)
        [Orabug: 30165838]
    
      - SUNRPC: Handle ENETDOWN errors (Trond Myklebust)
        [Orabug: 30165838]
    
      - vhost: make sure log_num < in_num (yongduan) [Orabug:
        30312787] (CVE-2019-14835)
    
      - vhost: block speculation of translated descriptors
        (Michael S. Tsirkin) [Orabug: 30312787] (CVE-2019-14835)
    
      - vhost: Fix Spectre V1 vulnerability (Jason Wang)
        [Orabug: 30312787]
    
      - array_index_nospec: Sanitize speculative array
        de-references (Dan Williams) [Orabug: 30312787]
    
      - net: hsr: fix memory leak in hsr_dev_finalize (Mao
        Wenan) [Orabug: 30444853] (CVE-2019-16995)
    
      - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori
        Nimron) [Orabug: 30444946] (CVE-2019-17053)
    
      - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron)
        [Orabug: 30445158] (CVE-2019-17055)
    
      - net: sit: fix memory leak in sit_init_net (Mao Wenan)
        [Orabug: 30445305] (CVE-2019-16994)
    
      - media: dvb: usb: fix use after free in
        dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491]
        (CVE-2019-15213)
    
      - media: cpia2_usb: first wake up, then free in disconnect
        (Oliver Neukum) [Orabug: 30511741] (CVE-2019-15215)
    
      - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in
        zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774]
        (CVE-2019-15217)
    
      - target: Propagate backend read-only to core_tpg_add_lun
        (Nicholas Bellinger) [Orabug: 30538419]
    
      - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth
        Ghatraju) [Orabug: 30539766]
    
      - cpu/speculation: Uninline and export CPU mitigations
        helpers (Kanth Ghatraju) [Orabug: 30539766]
    
      - rds: Use correct conn when dropping connections due to
        cancel (H&aring kon Bugge) [Orabug: 30316058]
    
      - rds: ib: Optimize rds_ib_laddr_check (H&aring kon Bugge)
        [Orabug: 30327671]
    
      - rds: Bring loop-back peer down as well (H&aring kon
        Bugge) [Orabug: 30271704]
    
      - rds: ib: Avoid connect retry on loopback connections
        (H&aring kon Bugge) 
    
      - rds: ib: Qualify CM REQ duplicate detection with
        connection being up (H&aring kon Bugge) [Orabug:
        30062150]
    
      - rds: Further prioritize local loop-back connections
        (H&aring kon Bugge) 
    
      - rds: Fix initial zero delay when queuing re-connect work
        (H&aring kon Bugge) 
    
      - rds: Re-introduce separate work-queue for local
        connections (H&aring kon Bugge) [Orabug: 30062150]
    
      - rds: Re-factor and avoid superfluous queuing of shutdown
        work (H&aring kon Bugge) [Orabug: 29994551]
    
      - rds: ib: Flush ARP cache when connection attempt is
        rejected (H&aring kon Bugge) [Orabug: 29994550]
    
      - rds: ib: Fix incorrect setting of cp_reconnect_racing
        (H&aring kon Bugge) 
    
      - RDMA/cma: Make # CM retries configurable (H&aring kon
        Bugge) [Orabug: 29994555]
    
      - rds: Re-factor and avoid superfluous queuing of
        reconnect work (H&aring kon Bugge) [Orabug: 29994558]
    
      - rds: ib: Correct the cm_id compare commit (H&aring kon
        Bugge) [Orabug: 29994560]
    
      - rds: Increase entropy in hashing (H&aring kon Bugge)
        [Orabug: 29994561]
    
      - rds: ib: Resurrect the CQs instead of delete+create
        (H&aring kon Bugge) 
    
      - rds: Avoid queuing superfluous send and recv work
        (H&aring kon Bugge) 
    
      - x86/tsx: Add config options to set tsx=on|off|auto
        (Michal Hocko) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/speculation/taa: Add documentation for TSX Async
        Abort (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/tsx: Add 'auto' option to the tsx= cmdline parameter
        (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135)
    
      - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
        (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/speculation/taa: Add sysfs reporting for TSX Async
        Abort (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/speculation/taa: Add mitigation for TSX Async Abort
        (Kanth Ghatraju) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled
        by default (Pawan Gupta) [Orabug: 30517133]
        (CVE-2019-11135)
    
      - x86/cpu: Add a helper function x86_read_arch_cap_msr
        (Pawan Gupta) [Orabug: 30517133] (CVE-2019-11135)
    
      - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta)
        [Orabug: 30517133] (CVE-2019-11135)
    
      - kvm: x86: mmu: Recovery of shattered NX large pages
        (Junaid Shahid) [Orabug: 30517059] (CVE-2018-12207)
    
      - kvm: Add helper function for creating VM worker threads
        (Junaid Shahid) [Orabug: 30517059] (CVE-2018-12207)
    
      - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini)
        [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: remove now unneeded hugepage gfn adjustment
        (Paolo Bonzini) [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: make FNAME(fetch) and __direct_map more
        similar (Paolo Bonzini) [Orabug: 30517059]
        (CVE-2018-12207)
    
      - kvm: x86: Do not release the page inside mmu_set_spte
        (Junaid Shahid) [Orabug: 30517059] (CVE-2018-12207)
    
      - x86/cpu: Add Tremont to the cpu vulnerability whitelist
        (Pawan Gupta) [Orabug: 30517059] (CVE-2018-12207)
    
      - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta)
        [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move mapping_level_dirty_bitmap call in
        mapping_level (Takuya Yoshikawa) [Orabug: 30517059]
        (CVE-2018-12207)
    
      - Revert 'KVM: x86: use the fast way to invalidate all
        pages' (Sean Christopherson) [Orabug: 30517059]
        (CVE-2018-12207)
    
      - kvm: Convert kvm_lock to a mutex (Junaid Shahid)
        [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Simplify force_pt_level calculation code
        in FNAME(page_fault) (Takuya Yoshikawa) [Orabug:
        30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Make force_pt_level bool (Takuya
        Yoshikawa) [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Remove unused parameter parent_pte from
        kvm_mmu_get_page (Takuya Yoshikawa) [Orabug: 30517059]
        (CVE-2018-12207)
    
      - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo
        Bonzini) [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Make mmu_set_spte return emulate value
        (Takuya Yoshikawa) [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move parent_pte handling from
        kvm_mmu_get_page to link_shadow_page (Takuya Yoshikawa)
        [Orabug: 30517059] (CVE-2018-12207)
    
      - KVM: x86: MMU: Move initialization of parent_ptes out
        from kvm_mmu_alloc_page (Takuya Yoshikawa) [Orabug:
        30517059] (CVE-2018-12207)
    
      - scsi: qla2xxx: Fix NULL pointer crash due to probe
        failure [Orabug: 30161119]
    
      - i2c: core-smbus: prevent stack corruption on read
        I2C_BLOCK_DATA (Jeremy Compostella) [Orabug: 30210503]
        (CVE-2017-18551)
    
      - scsi: qla2xxx: Ability to process multiple SGEs in
        Command SGL for CT passthrough commands. (Giridhar
        Malavali) [Orabug: 30256423]
    
      - net-sysfs: Fix mem leak in netdev_register_kobject
        (YueHaibing) [Orabug: 30350263] (CVE-2019-15916)
    
      - Drivers: hv: vmbus: add special crash handler (Vitaly
        Kuznetsov)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2019-November/000968.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c252002b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      # Scoring is that of one CVE in the list: cvss_score_source names
      # CVE-2019-14835, and the vectors describe a local attack with full
      # confidentiality, integrity and availability impact. The plugin carries
      # this one score for the whole advisory; it is not the individual rating of
      # the other CVEs listed, CVE-2019-15916 included.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Marked "local": the checks below read knowledge-base entries collected
      # from the host rather than probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      # Knowledge-base entries the check needs: the local-checks flag, the
      # OracleVM release string and the RPM list.
      # NOTE(review): ssh_get_info.nasl presumably fills them in during an
      # authenticated scan - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Applicability gates, evaluated in this order: local checks are enabled, the
    # release string identifies OracleVM 3.4, and an RPM list was collected.
    # NOTE(review): audit() comes from audit.inc (not shown); presumably it ends
    # the script with the given reason - confirm.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release))
    {
      audit(AUDIT_OS_NOT, "OracleVM");
    }
    else if ("OVS" >!< release)
    {
      audit(AUDIT_OS_NOT, "OracleVM");
    }

    # The release must start with "OVS3.4", followed either by the end of the
    # string or by a dot and a digit.
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release))
    {
      audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    }

    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/OracleVM/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Architecture gate. An unknown architecture is reported first; anything that
    # is neither x86_64 nor i386-i686 is reported as not implemented; whatever is
    # still not x86_64 is reported as the wrong architecture.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    }
    if ("x86_64" >!< cpu)
    {
      audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    }
    
    # Compare the installed packages with the fixed builds named in the advisory;
    # flag counts the rpm_check() calls that returned true.
    # NOTE(review): rpm_check() comes from rpm.inc (not shown); presumably it is
    # true when the installed package is older than the reference - confirm.
    # NOTE(review): nothing in this script looks at the running kernel, so a host
    # with the fixed package installed but not yet rebooted into it would, as far
    # as this script shows, not be flagged - verify after patching.
    flag = 0;
    foreach fixed_build (make_list("kernel-uek-4.1.12-124.33.4.el6uek", "kernel-uek-firmware-4.1.12-124.33.4.el6uek"))
    {
      if (rpm_check(release:"OVS3.4", reference:fixed_build)) flag++;
    }
    
    # Result. With no package flagged, the script audits out: "not affected" when
    # pkg_tests_get() returns something, "not installed" otherwise. With at least
    # one package flagged, the finding is raised on port 0; the RPM report is
    # attached only when report_verbosity is above zero.
    if (!flag)
    {
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
      }
    }
    else
    {
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4850.NASL
    descriptionDescription of changes: [4.1.12-124.33.4.el7uek] - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30036349] - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349] - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838] - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] {CVE-2019-14835} - vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] {CVE-2019-14835} - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787] - array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787] - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444853] {CVE-2019-16995} - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445305] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217} - target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766] - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766] [4.1.12-124.33.3.el7uek] - rds: Use correct conn when dropping connections due to cancel (Håkon Bugge) [Orabug: 30316058] - rds: ib: Optimize rds_ib_laddr_check (Håkon Bugge) [Orabug: 30327671] - rds: Bring loop-back peer down as well (Håkon Bugge) [Orabug: 30271704] - rds: ib: Avoid connect retry on loopback connections (Håkon Bugge) [Orabug: 30271704] - rds: ib: Qualify CM REQ duplicate detection with connection being up (Håkon Bugge) [Orabug: 30062150] - rds: Further prioritize local loop-back connections (Håkon Bugge) [Orabug: 30062150] - rds: Fix initial zero delay when queuing re-connect work (Håkon Bugge) [Orabug: 30062150] - rds: Re-introduce separate work-queue for local connections (Håkon Bugge) [Orabug: 30062150] - rds: Re-factor and avoid superfluous queuing of shutdown work (Håkon Bugge) [Orabug: 29994551] - rds: ib: Flush ARP cache when connection attempt is rejected (Håkon Bugge) [Orabug: 29994550] - rds: ib: Fix incorrect setting of cp_reconnect_racing (Håkon Bugge) [Orabug: 29994553] - RDMA/cma: Make # CM retries configurable (Håkon Bugge) [Orabug: 29994555] - rds: Re-factor and avoid superfluous queuing of reconnect work (Håkon Bugge) [Orabug: 29994558] - rds: ib: Correct the cm_id compare commit (Håkon Bugge) [Orabug: 29994560] - rds: Increase entropy in hashing (Håkon Bugge) [Orabug: 29994561] - rds: ib: Resurrect the CQs instead of delete+create (Håkon Bugge) [Orabug: 29994566] - rds: Avoid queuing superfluous send and recv work (Håkon Bugge) [Orabug: 29994564] [4.1.12-124.33.2.el7uek] - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] {CVE-2019-11135} - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135} - x86/tsx: Add
    last seen2020-06-01
    modified2020-06-02
    plugin id131174
    published2019-11-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131174
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4850)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2019-4850.
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when `description` is true. It records the
    # plugin's identifiers, advisory text and scoring, then exits at the end of
    # the block, so none of the host checks further down run in that mode.
    if (description)
    {
      script_id(131174);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17");
    
      # One plugin covers all twelve CVEs fixed by the advisory. The package
      # comparison further down is per package, not per CVE.
      script_cve_id("CVE-2017-18551", "CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15916", "CVE-2019-16994", "CVE-2019-16995", "CVE-2019-17053", "CVE-2019-17055");
      script_xref(name:"IAVA", value:"2020-A-0325");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4850)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # Advisory changelog as shipped. "H&aring kon" looks like a damaged HTML
      # entity for the "å" in the author's first name, and one entry still holds a
      # raw <A HREF=...> anchor; both are left as is because they are part of the
      # string.
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [4.1.12-124.33.4.el7uek]
    - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning 
    Zhang) [Orabug: 30036349]
    - ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349]
    - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838]
    - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838]
    - vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] 
    {CVE-2019-14835}
    - vhost: block speculation of translated descriptors (Michael S. 
    Tsirkin) [Orabug: 30312787] {CVE-2019-14835}
    - vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787]
    - array_index_nospec: Sanitize speculative array de-references (Dan 
    Williams) [Orabug: 30312787]
    - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 
    30444853] {CVE-2019-16995}
    - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 
    30444946] {CVE-2019-17053}
    - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 
    30445158] {CVE-2019-17055}
    - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 
    30445305] {CVE-2019-16994}
    - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver 
    Neukum) [Orabug: 30490491] {CVE-2019-15213}
    - media: cpia2_usb: first wake up, then free in disconnect (Oliver 
    Neukum) [Orabug: 30511741] {CVE-2019-15215}
    - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in 
    zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217}
    - target: Propagate backend read-only to core_tpg_add_lun (Nicholas 
    Bellinger) [Orabug: 30538419]
    - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 
    30539766]
    - cpu/speculation: Uninline and export CPU mitigations helpers (Kanth 
    Ghatraju) [Orabug: 30539766]
    
    [4.1.12-124.33.3.el7uek]
    - rds: Use correct conn when dropping connections due to cancel (H&aring kon 
    Bugge) [Orabug: 30316058]
    - rds: ib: Optimize rds_ib_laddr_check (H&aring kon Bugge) [Orabug: 30327671]
    - rds: Bring loop-back peer down as well (H&aring kon Bugge) [Orabug: 30271704]
    - rds: ib: Avoid connect retry on loopback connections (H&aring kon Bugge) 
    [Orabug: 30271704]
    - rds: ib: Qualify CM REQ duplicate detection with connection being up 
    (H&aring kon Bugge) [Orabug: 30062150]
    - rds: Further prioritize local loop-back connections (H&aring kon Bugge) 
    [Orabug: 30062150]
    - rds: Fix initial zero delay when queuing re-connect work (H&aring kon Bugge) 
    [Orabug: 30062150]
    - rds: Re-introduce separate work-queue for local connections (H&aring kon 
    Bugge) [Orabug: 30062150]
    - rds: Re-factor and avoid superfluous queuing of shutdown work (H&aring kon 
    Bugge) [Orabug: 29994551]
    - rds: ib: Flush ARP cache when connection attempt is rejected (H&aring kon 
    Bugge) [Orabug: 29994550]
    - rds: ib: Fix incorrect setting of cp_reconnect_racing (H&aring kon Bugge) 
    [Orabug: 29994553]
    - RDMA/cma: Make # CM retries configurable (H&aring kon Bugge) [Orabug: 29994555]
    - rds: Re-factor and avoid superfluous queuing of reconnect work (H&aring kon 
    Bugge) [Orabug: 29994558]
    - rds: ib: Correct the cm_id compare commit (H&aring kon Bugge) [Orabug: 29994560]
    - rds: Increase entropy in hashing (H&aring kon Bugge) [Orabug: 29994561]
    - rds: ib: Resurrect the CQs instead of delete+create (H&aring kon Bugge) 
    [Orabug: 29994566]
    - rds: Avoid queuing superfluous send and recv work (H&aring kon Bugge) 
    [Orabug: 29994564]
    
    [4.1.12-124.33.2.el7uek]
    - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) 
    [Orabug: 30517133] {CVE-2019-11135}
    - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan 
    Gupta) [Orabug: 30517133] {CVE-2019-11135}
    - x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) 
    [Orabug: 30517133] {CVE-2019-11135}
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) 
    [Orabug: 30517133] {CVE-2019-11135}
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan 
    Gupta) [Orabug: 30517133] {CVE-2019-11135}
    - x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth 
    Ghatraju) [Orabug: 30517133] {CVE-2019-11135}
    - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default 
    (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
    - x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) 
    [Orabug: 30517133] {CVE-2019-11135}
    - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30517133] 
    {CVE-2019-11135}
    - kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) 
    [Orabug: 30517059] {CVE-2018-12207}
    - kvm: Add helper function for creating VM worker threads (Junaid 
    Shahid) [Orabug: 30517059] {CVE-2018-12207}
    - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 30517059] 
    {CVE-2018-12207}
    - KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) 
    [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo 
    Bonzini) [Orabug: 30517059] {CVE-2018-12207}
    - kvm: x86: Do not release the page inside mmu_set_spte() (Junaid 
    Shahid) [Orabug: 30517059] {CVE-2018-12207}
    - x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) 
    [Orabug: 30517059] {CVE-2018-12207}
    - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 
    30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in 
    mapping_level() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    - Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean 
    Christopherson) [Orabug: 30517059] {CVE-2018-12207}
    - kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 30517059] 
    {CVE-2018-12207}
    - KVM: x86: MMU: Simplify force_pt_level calculation code in 
    FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 
    30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Remove unused parameter parent_pte from 
    kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) 
    [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya 
    Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to 
    link_shadow_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    - KVM: x86: MMU: Move initialization of parent_ptes out from 
    kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
    
    [4.1.12-124.33.1.el7uek]
    - scsi: qla2xxx: Fix NULL pointer crash due to probe failure 
    (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>himanshu.madhani at cavium.com</A>) [Orabug: 30161119]
    - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA 
    (Jeremy Compostella) [Orabug: 30210503] {CVE-2017-18551}
    - scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT 
    passthrough commands. (Giridhar Malavali) [Orabug: 30256423]
    - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) 
    [Orabug: 30350263] {CVE-2019-15916}
    - Drivers: hv: vmbus: add special crash handler (Vitaly Kuznetsov) 
    [Orabug: 30374399]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009350.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-November/009351.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      # Scoring is that of one CVE in the list: cvss_score_source names
      # CVE-2019-14835, and the vectors describe a local attack with full
      # confidentiality, integrity and availability impact. The plugin carries
      # this one score for the whole advisory; it is not the individual rating of
      # the other CVEs listed, CVE-2019-15916 included.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14835");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Marked "local": the checks below read knowledge-base entries collected
      # from the host rather than probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Knowledge-base entries the check needs: the local-checks flag, the Oracle
      # Linux marker, the release string and the RPM list.
      # NOTE(review): the two dependency scripts presumably fill them in during an
      # authenticated scan - confirm.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    # Applicability gates, evaluated in this order: local checks are enabled, the
    # host is marked as Oracle Linux, the release string names Oracle Linux 6 or
    # 7, and an RPM list was collected.
    # NOTE(review): audit() comes from audit.inc (not shown); presumably it ends
    # the script with the given reason - confirm.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/OracleLinux"))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    release = get_kb_item("Host/RedHat/release");
    if (isnull(release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }
    else if (!pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux");
    }

    # Pull the version number out of the release string; capture group 1 holds
    # the major version with an optional ".minor".
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    }
    os_ver = os_ver[1];

    # Only a leading 6 or 7, followed by a non-digit or the end, is accepted.
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    }

    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    # Architecture gate. An unknown architecture is reported first; anything that
    # is neither x86_64 nor i386-i686 is reported as not implemented; whatever is
    # still not x86_64 is reported as the wrong architecture.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    }
    if ("x86_64" >!< cpu)
    {
      audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    }
    
    # Ksplice handling, taken only when the knowledge base holds a
    # "Host/ksplice/kernel-cves" entry. Live-patched hosts can be fixed without
    # the RPM version changing, so the CVE list is checked before any package
    # comparison.
    # NOTE(review): ksplice_cves_check() and ksplice_reporting_text() come from
    # ksplice.inc (not shown); presumably the former is true when every listed
    # CVE is covered by applied Ksplice updates - confirm. Why the
    # "Host/uptrack-uname-r" entry is removed first is not visible here.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list(
        "CVE-2017-18551", "CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14835",
        "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15916",
        "CVE-2019-16994", "CVE-2019-16995", "CVE-2019-17053", "CVE-2019-17055"
      );
      if (!ksplice_cves_check(cve_list))
      {
        # Not covered: keep the Ksplice text for the report and fall through to
        # the package checks.
        __rpm_report = ksplice_reporting_text();
      }
      else
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2019-4850");
      }
    }
    
    # Kernel series gate: the package comparison only applies to hosts whose
    # recorded kernel level is 4.1. A missing value ends the script with an
    # error; any other level is audited out.
    # NOTE(review): "Host/uname/major_minor" presumably reflects the running
    # kernel. The match is on major.minor only, so it does not tell an older
    # 4.1.12 build still booted from the fixed one - verify the running build
    # after patching.
    expected_kernel_major_minor = "4.1";
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor))
    {
      exit(1, "Unable to determine kernel major-minor level.");
    }
    if (kernel_major_minor != expected_kernel_major_minor)
    {
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    }
    
    # Package comparison against the fixed 4.1.12-124.33.4 builds, first for
    # EL6, then for EL7. Each package is compared only when rpm_exists() finds a
    # 4.1.12 build of it; flag counts the comparisons that returned true.
    # NOTE(review): rpm_exists() and rpm_check() come from rpm.inc (not shown);
    # presumably rpm_check() is true when the installed package is older than
    # the reference - confirm.
    flag = 0;

    # Oracle Linux 6
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-4.1.12") &&
        rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-124.33.4.el6uek"))
    {
      flag++;
    }

    # Oracle Linux 7
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-4.1.12") &&
        rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-124.33.4.el7uek"))
    {
      flag++;
    }
    
    
    # At least one package check fired: raise the finding on port 0. The package
    # detail from rpm_report_get() is attached only when report_verbosity is
    # above 0; otherwise the finding carries no extra text.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No check fired: if pkg_tests_get() returned anything, report those
      # packages as not affected; otherwise report that no affected kernel
      # package is installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3200-1.NASL
    description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19081: Fixed a memory leak in the nfp_flower_spawn_vnic_reprs() which could have allowed attackers to cause a denial of service (bsc#1157045). CVE-2019-19080: Fixed four memory leaks in the nfp_flower_spawn_phy_reprs() which could have allowed attackers to cause a denial of service (bsc#1157044). CVE-2019-19052: Fixed a memory leak in the gs_can_open() which could have led to denial of service (bsc#1157324). CVE-2019-19067: Fixed multiple memory leaks in acp_hw_init (bsc#1157180). CVE-2019-19060: Fixed a memory leak in the adis_update_scan_mode() which could have led to denial of service (bsc#1157178). CVE-2019-19049: Fixed a memory leak in unittest_data_add (bsc#1157173). CVE-2019-19075: Fixed a memory leak in the ca8210_probe() which could have led to denial of service by triggering ca8210_get_platform_data() failures (bsc#1157162). CVE-2019-19058: Fixed a memory leak in the alloc_sgtable() which could have led to denial of service by triggering alloc_page() failures (bsc#1157145). CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd() function which could have led to denial of service (bsc#1157143). CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c which could have led to denial of service by triggering wait_for_completion_timeout() failures (bsc#1157070). CVE-2019-19083: Fixed multiple memory leaks in *clock_source_create() functions which could have led to denial of service (bsc#1157049). CVE-2019-19082: Fixed multiple memory leaks in *create_resource_pool() which could have led to denial of service (bsc#1157046). CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led to denial of service (bsc#1149448). 
CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics which may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics which may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to prevent unprivileged users from creating a raw socket (bsc#1152782). CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903) CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131833
    published: 2019-12-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131833
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0093-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-20095: mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory. This will cause a memory leak and denial of service (bnc#1159909). CVE-2019-20054: Fixed a a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where the length of variable elements in a beacon head were not checked, leading to a buffer overflow (bnc#1152107). 
CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827). CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904). CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834). CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). 
CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. 
The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304). CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032). 
CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045). 
CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). 
CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157049). CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157046). CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). 
CVE-2019-0155: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135967). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). CVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access (bnc#1139073). 
CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457). CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may have allowed an authenticated user to potentially enable denial of service of the host system via local access (bnc#1117665). CVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists (bnc#1144903). CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (bnc#1154372). CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132925
    published: 2020-01-15
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132925
    title: SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3295-1.NASL
    description: The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led to denial of service (bsc#1149448). CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics which may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics which may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to prevent unprivileged users from creating a raw socket (bsc#1152782). CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132071
    published: 2019-12-16
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132071
    title: SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3371-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). 
CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). 
CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. 
This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132389
    published: 2019-12-23
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132389
    title: SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:3371-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-1016.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code. 
(CVE-2019-16746) - kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-06
    modified: 2020-04-10
    plugin id: 135316
    published: 2020-04-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135316
    title: CentOS 7 : kernel (CESA-2020:1016)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132499
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132499
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZA-2020-037.NASL
    description: According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow. - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c. - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c. - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c. - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service. - kernel: offset2lib allows for the stack guard page to be jumped over. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-31
    modified: 2020-05-22
    plugin id: 136804
    published: 2020-05-22
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136804
    title: Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132490
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132490
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3309.NASL
    description: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) * kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) * kernel: NULL pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * 
kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen: 2020-05-08
    modified: 2019-11-06
    plugin id: 130526
    published: 2019-11-06
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130526
    title: RHEL 8 : kernel-rt (RHSA-2019:3309)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2353.NASL
    description: According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params 
in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in 
drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in 
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. 
Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. 
A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a 
crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710)An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. 
A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen: 2020-05-08
    modified: 2019-12-10
    plugin id: 131845
    published: 2019-12-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131845
    title: EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3381-1.NASL
    description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19767: Fixed ext4_expand_extra_isize mishandles, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). CVE-2019-18808: Fixed a memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c that allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). CVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bsc#1158954). CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bsc#1158827). CVE-2019-19537: There was a race condition bug that could have been caused by a malicious USB device in the USB character device driver layer (bnc#1158904). CVE-2019-19535: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). CVE-2019-19527: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). CVE-2019-19526: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). CVE-2019-19533: There was an info-leak bug that could have been caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). 
CVE-2019-19532: There were multiple out-of-bounds write bugs that could have been caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). CVE-2019-19523: There was a use-after-free bug that could have been caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (bnc#1158823). CVE-2019-15213: An issue was discovered in the Linux kernel, there was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. 
The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). 
CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). 
CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). 
CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function (bnc#1157070). CVE-2019-15916: An issue was discovered in the Linux kernel. There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel. There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132394
    published: 2019-12-24
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132394
    title: SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2274.NASL
    description: According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es): Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754) The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. (CVE-2017-5897) The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. (CVE-2017-7261) The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. (CVE-2017-7472) A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest.
Linux guests are not affected by this. (CVE-2017-7518) The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. (CVE-2018-10124) The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (CVE-2018-10323) The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. (CVE-2018-1066) The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. (CVE-2018-10675) An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094) An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18.
A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976) Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. (CVE-2018-3693) In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. (CVE-2018-6412) Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant. (CVE-2018-7995) In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. (CVE-2018-9363) In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945. (CVE-2018-9518) A vulnerability was found in Linux kernel
    last seen: 2020-05-08
    modified: 2019-11-08
    plugin id: 130736
    published: 2019-11-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130736
    title: EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1452.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447) - This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2019-10220) - ** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable. (CVE-2014-3180) - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (CVE-2019-20054) - pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)
    last seen: 2020-04-30
    modified: 2020-04-16
    plugin id: 135614
    published: 2020-04-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135614
    title: EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1016.NASL
    description: The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code.
(CVE-2019-16746) - kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-04-23
    modified: 2020-04-01
    plugin id: 135080
    published: 2020-04-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135080
    title: RHEL 7 : kernel (RHSA-2020:1016)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-1070.NASL
    description: The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1070 advisory. - kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) - kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) - kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) - kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) - kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) - kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) - Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) - Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) - kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) - kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) - kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) - kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) - kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) - kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) - kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) - kernel: brcmfmac frame validation bypass (CVE-2019-9503) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-04-23
    modified: 2020-04-01
    plugin id: 135078
    published: 2020-04-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135078
    title: RHEL 7 : kernel-rt (RHSA-2020:1070)

Redhat

advisories
  • rhsa
    id: RHSA-2019:3309
  • rhsa
    id: RHSA-2019:3517
  • rhsa
    id: RHSA-2020:0740
rpms
  • kernel-rt-0:4.18.0-147.rt24.93.el8
  • kernel-rt-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-core-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debug-modules-extra-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.rt24.93.el8
  • kernel-rt-devel-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-0:4.18.0-147.rt24.93.el8
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-0:4.18.0-147.rt24.93.el8
  • kernel-rt-modules-extra-0:4.18.0-147.rt24.93.el8
  • bpftool-0:4.18.0-147.el8
  • bpftool-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.18.0-147.el8
  • kernel-abi-whitelists-0:4.18.0-147.el8
  • kernel-core-0:4.18.0-147.el8
  • kernel-cross-headers-0:4.18.0-147.el8
  • kernel-debug-0:4.18.0-147.el8
  • kernel-debug-core-0:4.18.0-147.el8
  • kernel-debug-debuginfo-0:4.18.0-147.el8
  • kernel-debug-devel-0:4.18.0-147.el8
  • kernel-debug-modules-0:4.18.0-147.el8
  • kernel-debug-modules-extra-0:4.18.0-147.el8
  • kernel-debuginfo-0:4.18.0-147.el8
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.el8
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.el8
  • kernel-debuginfo-common-s390x-0:4.18.0-147.el8
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.el8
  • kernel-devel-0:4.18.0-147.el8
  • kernel-doc-0:4.18.0-147.el8
  • kernel-headers-0:4.18.0-147.el8
  • kernel-modules-0:4.18.0-147.el8
  • kernel-modules-extra-0:4.18.0-147.el8
  • kernel-tools-0:4.18.0-147.el8
  • kernel-tools-debuginfo-0:4.18.0-147.el8
  • kernel-tools-libs-0:4.18.0-147.el8
  • kernel-tools-libs-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-0:4.18.0-147.el8
  • kernel-zfcpdump-core-0:4.18.0-147.el8
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.el8
  • kernel-zfcpdump-devel-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-0:4.18.0-147.el8
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.el8
  • perf-0:4.18.0-147.el8
  • perf-debuginfo-0:4.18.0-147.el8
  • python3-perf-0:4.18.0-147.el8
  • python3-perf-debuginfo-0:4.18.0-147.el8
  • kernel-0:4.14.0-115.18.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.18.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.18.1.el7a
  • kernel-debug-0:4.14.0-115.18.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debug-devel-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.18.1.el7a
  • kernel-devel-0:4.14.0-115.18.1.el7a
  • kernel-doc-0:4.14.0-115.18.1.el7a
  • kernel-headers-0:4.14.0-115.18.1.el7a
  • kernel-kdump-0:4.14.0-115.18.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.18.1.el7a
  • kernel-tools-0:4.14.0-115.18.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.18.1.el7a
  • perf-0:4.14.0-115.18.1.el7a
  • perf-debuginfo-0:4.14.0-115.18.1.el7a
  • python-perf-0:4.14.0-115.18.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.18.1.el7a
  • bpftool-0:3.10.0-1127.el7
  • bpftool-debuginfo-0:3.10.0-1127.el7
  • kernel-0:3.10.0-1127.el7
  • kernel-abi-whitelists-0:3.10.0-1127.el7
  • kernel-bootwrapper-0:3.10.0-1127.el7
  • kernel-debug-0:3.10.0-1127.el7
  • kernel-debug-debuginfo-0:3.10.0-1127.el7
  • kernel-debug-devel-0:3.10.0-1127.el7
  • kernel-debuginfo-0:3.10.0-1127.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1127.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1127.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1127.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1127.el7
  • kernel-devel-0:3.10.0-1127.el7
  • kernel-doc-0:3.10.0-1127.el7
  • kernel-headers-0:3.10.0-1127.el7
  • kernel-kdump-0:3.10.0-1127.el7
  • kernel-kdump-debuginfo-0:3.10.0-1127.el7
  • kernel-kdump-devel-0:3.10.0-1127.el7
  • kernel-tools-0:3.10.0-1127.el7
  • kernel-tools-debuginfo-0:3.10.0-1127.el7
  • kernel-tools-libs-0:3.10.0-1127.el7
  • kernel-tools-libs-devel-0:3.10.0-1127.el7
  • perf-0:3.10.0-1127.el7
  • perf-debuginfo-0:3.10.0-1127.el7
  • python-perf-0:3.10.0-1127.el7
  • python-perf-debuginfo-0:3.10.0-1127.el7
  • kernel-rt-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-doc-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-devel-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-kvm-0:3.10.0-1127.rt56.1093.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1127.rt56.1093.el7