Vulnerabilities > CVE-2019-17666 - Classic Buffer Overflow vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
linux
debian
canonical
CWE-120
nessus
NVD
Published: 2019-10-17
Updated: 2023-11-07

Summary

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

Vulnerable Configurations

Part Description Count
OS
Linux
3436
OS
Debian
1
OS
Canonical
5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4186-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-11-13
    plugin id130966
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130966
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4186-1)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4186-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(130966);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15098", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17666", "CVE-2019-2215");
  script_xref(name:"USN", value:"4186-1");

  script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm vulnerabilities (USN-4186-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro
Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi
Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van
Bulck discovered that Intel processors using Transactional
Synchronization Extensions (TSX) could expose memory contents
previously stored in microarchitectural buffers to a malicious process
that is executing on the same CPU core. A local attacker could use
this to expose sensitive information. (CVE-2019-11135)

It was discovered that the Intel i915 graphics chipsets allowed
userspace to modify page table entries via writes to MMIO from the
Blitter Command Streamer and expose kernel memory information. A local
attacker could use this to expose sensitive information or possibly
elevate privileges. (CVE-2019-0155)

Deepak Gupta discovered that on certain Intel processors, the Linux
kernel did not properly perform invalidation on page table updates by
virtual guest operating systems. A local attacker in a guest VM could
use this to cause a denial of service (host system crash).
(CVE-2018-12207)

It was discovered that the Intel i915 graphics chipsets could cause a
system hang when userspace performed a read from GT memory mapped
input output (MMIO) when the product is in certain low power states. A
local attacker could use this to cause a denial of service.
(CVE-2019-0154)

Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver
for the Linux kernel did not properly validate endpoint descriptors
returned by the device. A physically proximate attacker could use this
to cause a denial of service (system crash). (CVE-2019-15098)

It was discovered that a buffer overflow existed in the 802.11 Wi-Fi
configuration interface for the Linux kernel when handling beacon
settings. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-16746)

Ori Nimron discovered that the AX25 network protocol implementation in
the Linux kernel did not properly perform permissions checks. A local
attacker could use this to create a raw socket. (CVE-2019-17052)

Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network
protocol implementation in the Linux kernel did not properly perform
permissions checks. A local attacker could use this to create a raw
socket. (CVE-2019-17053)

Ori Nimron discovered that the Appletalk network protocol
implementation in the Linux kernel did not properly perform
permissions checks. A local attacker could use this to create a raw
socket. (CVE-2019-17054)

Ori Nimron discovered that the modular ISDN network protocol
implementation in the Linux kernel did not properly perform
permissions checks. A local attacker could use this to create a raw
socket. (CVE-2019-17055)

Ori Nimron discovered that the Near field Communication (NFC) network
protocol implementation in the Linux kernel did not properly perform
permissions checks. A local attacker could use this to create a raw
socket. (CVE-2019-17056)

Nico Waisman discovered that a buffer overflow existed in the Realtek
Wi-Fi driver for the Linux kernel when handling Notice of Absence
frames. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-17666)

Maddie Stone discovered that the Binder IPC Driver implementation in
the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-2215).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4186-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Android Binder Use-After-Free Exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-12207", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-15098", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17666", "CVE-2019-2215");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4186-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1062-kvm", pkgver:"4.4.0-1062.69")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1098-aws", pkgver:"4.4.0-1098.109")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-generic", pkgver:"4.4.0-168.197")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-generic-lpae", pkgver:"4.4.0-168.197")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-168-lowlatency", pkgver:"4.4.0-168.197")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1098.102")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.168.176")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.168.176")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1062.62")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.168.176")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual", pkgver:"4.4.0.168.176")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
}
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1465.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1465 advisory. - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135457
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135457
    titleRHEL 7 : kernel (RHSA-2020:1465)
    code
    #
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:1465. The text
# itself is copyright (C) Red Hat, Inc.
#


include('compat.inc');

if (description)
{
  script_id(135457);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");

  script_cve_id("CVE-2019-17666", "CVE-2019-19338");
  script_xref(name:"RHSA", value:"2020:1465");

  script_name(english:"RHEL 7 : kernel (RHSA-2020:1465)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2020:1465 advisory.

  - kernel: rtl_p2p_noa_ie in
    drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux
    kernel lacks a certain upper-bound check, leading to a
    buffer overflow (CVE-2019-17666)

  - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest -
    incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/120.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/385.html");
  script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/203.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1465");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-17666");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19338");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(120, 203, 385);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6::computenode");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6::server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^7\.6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  cve_list = make_list('CVE-2019-17666', 'CVE-2019-19338');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1465');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

pkgs = [
    {'reference':'bpftool-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-abi-whitelists-3.10.0-957.48.1.el7', 'sp':'6', 'release':'7'},
    {'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-kdump-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-kdump-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'kernel-tools-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'},
    {'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7'},
    {'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (reference && release) {
    if (rpm_spec_vers_cmp) {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
    }
    else
    {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
}
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2283.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809) - A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813) - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806) - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234) - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136) - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746) - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133) - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666) - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075) - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052) - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053) - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054) - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055) - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-27
    plugin id131349
    published2019-11-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131349
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(131349);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-0136",
    "CVE-2019-16234",
    "CVE-2019-16746",
    "CVE-2019-17052",
    "CVE-2019-17053",
    "CVE-2019-17054",
    "CVE-2019-17055",
    "CVE-2019-17056",
    "CVE-2019-17075",
    "CVE-2019-17133",
    "CVE-2019-17666",
    "CVE-2019-18806",
    "CVE-2019-18809",
    "CVE-2019-18813"
  );

  script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - A memory leak in the af9005_identify_state() function
    in drivers/media/usb/dvb-usb/af9005.c in the Linux
    kernel through 5.3.9 allows attackers to cause a denial
    of service (memory consumption), aka
    CID-2289adbfa559.(CVE-2019-18809)

  - A memory leak in the dwc3_pci_probe() function in
    drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through
    5.3.9 allows attackers to cause a denial of service
    (memory consumption) by triggering
    platform_device_add_properties() failures, aka
    CID-9bbfceea12a8.(CVE-2019-18813)

  - A memory leak in the ql_alloc_large_buffers() function
    in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux
    kernel before 5.3.5 allows local users to cause a
    denial of service (memory consumption) by triggering
    pci_dma_mapping_error() failures, aka
    CID-1acb8f2a7a9f.(CVE-2019-18806)

  - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the
    Linux kernel 5.2.14 does not check the alloc_workqueue
    return value, leading to a NULL pointer
    dereference.(CVE-2019-16234)

  - Insufficient access control in the Intel(R)
    PROSet/Wireless WiFi Software driver before version
    21.10 may allow an unauthenticated user to potentially
    enable denial of service via adjacent
    access.(CVE-2019-0136)

  - An issue was discovered in net/wireless/nl80211.c in
    the Linux kernel through 5.2.17. It does not check the
    length of variable elements in a beacon head, leading
    to a buffer overflow.(CVE-2019-16746)

  - In the Linux kernel through 5.3.2,
    cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
    does not reject a long SSID IE, leading to a Buffer
    Overflow.(CVE-2019-17133)

  - rtl_p2p_noa_ie in
    drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux
    kernel through 5.3.6 lacks a certain upper-bound check,
    leading to a buffer overflow.(CVE-2019-17666)

  - An issue was discovered in write_tpt_entry in
    drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel
    through 5.3.2. The cxgb4 driver is directly calling
    dma_map_single (a DMA function) from a stack variable.
    This could allow an attacker to trigger a Denial of
    Service, exploitable if this driver is used on an
    architecture for which this stack/DMA interaction has
    security relevance.(CVE-2019-17075)

  - ax25_create in net/ax25/af_ax25.c in the AF_AX25
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-0614e2b73768.(CVE-2019-17052)

  - ieee802154_create in net/ieee802154/socket.c in the
    AF_IEEE802154 network module in the Linux kernel
    through 5.3.2 does not enforce CAP_NET_RAW, which means
    that unprivileged users can create a raw socket, aka
    CID-e69dbd4619e7.(CVE-2019-17053)

  - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-6cc03e8aa36c.(CVE-2019-17054)

  - base_sock_create in drivers/isdn/mISDN/socket.c in the
    AF_ISDN network module in the Linux kernel through
    5.3.2 does not enforce CAP_NET_RAW, which means that
    unprivileged users can create a raw socket, aka
    CID-b91ee4aa2a21.(CVE-2019-17055)

  - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-3a359798b176.(CVE-2019-17056)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2283
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?751dbe06");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["bpftool-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-devel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-headers-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-source-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-tools-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-tools-libs-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "python-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "python3-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5533.NASL
    descriptionDescription of changes: [4.14.35-1902.10.7] - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807747] {CVE-2019-17666} - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770961] {CVE-2016-5244} - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658694] {CVE-2019-19332} [4.14.35-1902.10.6] - IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil) - RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30809126] - IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30805810] - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c (Peter Oskolkov) [Orabug: 30787503] - net: IP6 defrag: use rbtrees for IPv6 defrag (Peter Oskolkov) [Orabug: 30787503] - ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module (Florian Westphal) [Orabug: 30787503] - net: IP defrag: encapsulate rbtree defrag code into callable functions (Peter Oskolkov) [Orabug: 30787503] - ipv6: frags: fix a lockdep false positive (Eric Dumazet) [Orabug: 30787503] [4.14.35-1902.10.5] - drm/i915/cmdparser: Fix jump whitelist clearing (Ben Hutchings) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gen8+: Add RC6 CTX corruption WA (Imre Deak) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Lower RM timeout to avoid DSI hard hangs (Uma Shankar) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Ignore Length operands during command matching (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Add support for backward jumps (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Use explicit goto for error paths (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add gen9 BCS cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Allow parsing of unsized batches (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add support for mandatory cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Remove Master tables from cmdparser (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Disable Secure Batches for gen6+ (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Rename gen7 cmdparser tables (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Move engine->needs_cmd_parser to engine->flags (Tvrtko Ursulin) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Dont use GPU relocations prior to cmdparser stalls (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Silence smatch for cmdparser (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Do not check past the cmd length. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Check reg_table_count before derefencing. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Prevent writing into a read-only object via a GGTT mmap (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Disable read-only support under GVT (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Read-only pages for insert_entries on bdw+ (Vivi, Rodrigo) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Add read only pages to gen8_pte_encode (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (Anchal Agarwal) [Orabug: 30681025] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557081] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557081] - x86/bugs: missed initconst cpu_vuln_whitelist used at late loading (Mihai Carabas) [Orabug: 30659681] - mwifiex: Fix mem leak in mwifiex_tm_cmd (YueHaibing) [Orabug: 30732918] {CVE-2019-20095} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732937] {CVE-2019-20054} - fjes: Handle workqueue allocation failure (Will Deacon) [Orabug: 30771875] {CVE-2019-16231}
    last seen2020-06-01
    modified2020-06-02
    plugin id133632
    published2020-02-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133632
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5533)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4183-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130963
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130963
    titleUbuntu 19.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, (USN-4183-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2946-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130946
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130946
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2946-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0740.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459) * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: powerpc: local user can read vector registers of other users
    last seen2020-03-18
    modified2020-03-10
    plugin id134361
    published2020-03-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134361
    titleRHEL 7 : kernel-alt (RHSA-2020:0740)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5535.NASL
    descriptionDescription of changes: [4.1.12-124.36.1.el6uek] - iscsi-target: graceful disconnect on invalid mapping to iovec (Imran Haider) [Orabug: 30459537] - x86/microcode: Issue update message only once (Borislav Petkov) [Orabug: 30528904] - x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30528904] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658695] {CVE-2019-19332} - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807748] {CVE-2019-17666} [4.1.12-124.35.5.el6uek] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557086] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557086] - mlx5: lock mlx5_core to prevent module unload (Brian Maly) [Orabug: 30566775] - rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30576433] - x86: bugs: replace static_ with boot_ for CPU bugs mitigations (Mihai Carabas) [Orabug: 30649400]
    last seen2020-06-01
    modified2020-06-02
    plugin id133711
    published2020-02-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133711
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5535)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2947-1.NASL
    descriptionThe SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130947
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130947
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2947-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6A67FF8793.NASL
    descriptionThe 5.3.7 update contains a number of important fixes across the tree. The update also includes a fix for the [CVE-2019-17666](https://access.redhat.com/security/cve/CVE-2019-17666 ) security vulnerability regarding a buffer overflow in a Realtek wireless driver. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130237
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130237
    titleFedora 31 : kernel / kernel-tools (2019-6a67ff8793)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1473.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1473 advisory. - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135461
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135461
    titleRHEL 7 : kernel (RHSA-2020:1473)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4185-3.NASL
    descriptionUSN-4185-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131013
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131013
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-hwe, linux-oem vulnerability and regression (USN-4185-3)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1524.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory. - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-28
    plugin id136020
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136020
    titleCentOS 6 : kernel (CESA-2020:1524) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2392.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372). - CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). - CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). The following non-security bugs were fixed : - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add kernel module compression support (bsc#1135854) For enabling the kernel module compress, add the item COMPRESS_MODULES=
    last seen2020-06-01
    modified2020-06-02
    plugin id130338
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130338
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2392)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1353.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1353 advisory. - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135248
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135248
    titleRHEL 6 : kernel-rt (RHSA-2020:1353)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4183-2.NASL
    descriptionUSN-4183-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131011
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131011
    titleUbuntu 19.10 : linux vulnerability (USN-4183-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4186-3.NASL
    descriptionUSN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666) Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2215). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-11-14
    plugin id131014
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131014
    titleUbuntu 16.04 LTS : linux vulnerability (USN-4186-3)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0831.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0831 advisory. - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-18
    plugin id134670
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134670
    titleRHEL 8 : kernel (RHSA-2020:0831)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3200-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19081: Fixed a memory leak in the nfp_flower_spawn_vnic_reprs() could have allowed attackers to cause a denial of service (bsc#1157045). CVE-2019-19080: Fixed four memory leaks in the nfp_flower_spawn_phy_reprs() could have allowed attackers to cause a denial of service (bsc#1157044). CVE-2019-19052: Fixed a memory leak in the gs_can_open() which could have led to denial of service (bsc#1157324). CVE-2019-19067: Fixed multiple memory leaks in acp_hw_init (bsc#1157180). CVE-2019-19060: Fixed a memory leak in the adis_update_scan_mode() which could have led to denial of service (bsc#1157178). CVE-2019-19049: Fixed a memory leak in unittest_data_add (bsc#1157173). CVE-2019-19075: Fixed a memory leak in the ca8210_probe() which could have led to denial of service by triggering ca8210_get_platform_data() failures (bsc#1157162). CVE-2019-19058: Fixed a memory leak in the alloc_sgtable() which could have led to denial of service by triggering alloc_page() failures (bsc#1157145). CVE-2019-19074: Fixed a memory leak in the ath9k_wmi_cmd() function which could have led to denial of service (bsc#1157143). CVE-2019-19073: Fixed multiple memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c which could have led to denial of service by triggering wait_for_completion_timeout() failures (bsc#1157070). CVE-2019-19083: Fixed multiple memory leaks in *clock_source_create() functions which could have led to denial of service (bsc#1157049). CVE-2019-19082: Fixed multiple memory leaks in *create_resource_pool() which could have led to denial of service (bsc#1157046). CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448). CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782). CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference. (bsc#1150457). CVE-2019-10220: Added sanity checks on the pathnames passed to the user space. (bsc#1144903) CVE-2019-17666: rtlwifi: Fix potential overflow in P2P code (bsc#1154372). CVE-2019-17056: The AF_NFC network module did not enforce CAP_NET_RAW, which meant that unprivileged users could create a raw socket (bsc#1152788). CVE-2019-14821: An out-of-bounds access issue was fixed in the kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id131833
    published2019-12-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131833
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0839.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0839 advisory. - kernel: Count overflow in FUSE request leading to use- after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-03-26
    plugin id134902
    published2020-03-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134902
    titleCentOS 7 : kernel (CESA-2020:0839)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4184-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130964
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130964
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4184-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0834.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0834 advisory. - kernel: Count overflow in FUSE request leading to use- after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-18
    plugin id134671
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134671
    titleRHEL 7 : kernel (RHSA-2020:0834)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0093-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-20095: mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory. This will cause a memory leak and denial of service (bnc#1159909). CVE-2019-20054: Fixed a a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links (bnc#1159910). CVE-2019-20096: Fixed a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service (bnc#1159908). CVE-2019-19966: Fixed a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service (bnc#1159841). CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c (bnc#1158819). CVE-2019-19319: A setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call (bnc#1158021). CVE-2019-19767: Fixed mishandling of ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c (bnc#1159297). CVE-2019-18808: A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption) (bnc#1156259). CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c where the length of variable elements in a beacon head were not checked, leading to a buffer overflow (bnc#1152107). CVE-2019-19066: A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures (bnc#1157303). CVE-2019-19051: There was a memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1159024). CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous Abort (TAA) (bnc#1158954). CVE-2019-19332: There was an OOB memory write via kvm_dev_ioctl_get_cpuid (bnc#1158827). CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer (bnc#1158904). CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903). CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (bnc#1158900). CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver (bnc#1158893). CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver (bnc#1158834). CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers (bnc#1158824). CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bnc#1158381 1158823 1158834). CVE-2019-15213: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544). CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1158445). CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427). CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver (bnc#1158417). CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver (bnc#1158410). CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver (bnc#1158394). CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver (bnc#1158413). CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (bnc#1158407). CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (bnc#1158398). CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver (bnc#1158381). CVE-2019-14901: A heap overflow flaw was found in the Linux kernel in Marvell WiFi chip driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system (bnc#1157042). CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could have allowed the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1157158). CVE-2019-18660: The Linux kernel on powerpc allowed Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c (bnc#1157038). CVE-2019-18683: An issue was discovered in drivers/media/platform/vivid in the Linux kernel. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free (bnc#1155897). CVE-2019-18809: A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1156258). CVE-2019-19046: A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure (bnc#1157304). CVE-2019-19078: A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157032). CVE-2019-19062: A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures (bnc#1157333). CVE-2019-19057: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19056: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures (bnc#1157197). CVE-2019-19068: A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157307). CVE-2019-19063: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157298). CVE-2019-19227: In the AppleTalk subsystem in the Linux kernel there was a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client (bnc#1157678). CVE-2019-19081: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157045). CVE-2019-19080: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157044). CVE-2019-19065: A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures (bnc#1157191). CVE-2019-19077: A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering copy to udata failures (bnc#1157171). CVE-2019-19052: A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures (bnc#1157324). CVE-2019-19067: Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures (bsc#1157180). CVE-2019-19060: A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157178). CVE-2019-19049: A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures (bsc#1157173). CVE-2019-19075: A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures (bnc#1157162). CVE-2019-19058: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures (bnc#1157145). CVE-2019-19074: A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157143). CVE-2019-19073: Fixed memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures (bnc#1157070). CVE-2019-19083: Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157049). CVE-2019-19082: Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel allowed attackers to cause a denial of service (memory consumption) (bnc#1157046). CVE-2019-15916: An issue was discovered in the Linux kernel There was a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service (bnc#1149448). CVE-2019-0154: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1135966). CVE-2019-0155: Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may have allowed an authenticated user to potentially enable escalation of privilege via local access (bnc#1135967). CVE-2019-16231: drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150466). CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel There was a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact (bnc#1156187). CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket (bnc#1152782). CVE-2019-16995: In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access (bnc#1139073). CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457). CVE-2018-12207: Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may have allowed an authenticated user to potentially enable denial of service of the host system via local access (bnc#1117665). CVE-2019-10220: Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists (bnc#1144903). CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (bnc#1154372). CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id132925
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132925
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3295-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15916: Fixed a memory leak in register_queue_kobjects() which might have led denial of service (bsc#1149448). CVE-2019-0154: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1135966). CVE-2019-0155: Fixed an improper access control in subsystem for Intel (R) processor graphics whichs may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1135967). CVE-2019-16231: Fixed a NULL pointer dereference due to lack of checking the alloc_workqueue return value (bsc#1150466). CVE-2019-18805: Fixed an integer overflow in tcp_ack_update_rtt() leading to a denial of service or possibly unspecified other impact (bsc#1156187). CVE-2019-17055: Enforced CAP_NET_RAW in the AF_ISDN network module to restrict unprivileged users to create a raw socket (bsc#1152782). CVE-2019-16995: Fixed a memory leak in hsr_dev_finalize() which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id132071
    published2019-12-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132071
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2984-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131120
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131120
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0543.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976) * kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783175) Enhancement(s) : * Selective backport: perf: Sync with upstream v4.16 (BZ#1782751)
    last seen2020-03-18
    modified2020-02-19
    plugin id133786
    published2020-02-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133786
    titleRHEL 7 : kernel (RHSA-2020:0543)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2953-1.NASL
    descriptionThe SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 (bnc#1117665 1152505 1155812 1155817 1155945) CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130951
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130951
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0339.NASL
    descriptionFrom Red Hat Security Advisory 2020:0339 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133591
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133591
    titleOracle Linux 8 : kernel (ELSA-2020-0339)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0661.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Enhancement(s) : * Selective backport: perf: Sync with upstream v4.16 (BZ#1782748)
    last seen2020-03-18
    modified2020-03-06
    plugin id134260
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134260
    titleRHEL 7 : kernel (RHSA-2020:0661)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2068.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-2215 The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels. CVE-2019-10220 Various developers and researchers found that if a crafted file- system or malicious file server presented a directory with filenames including a
    last seen2020-03-17
    modified2020-01-21
    plugin id133101
    published2020-01-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133101
    titleDebian DLA-2068-1 : linux security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4184-2.NASL
    descriptionUSN-4184-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 (i915 missing Blitter Command Streamer check) was incomplete on 64-bit Intel x86 systems. Also, the update introduced a regression that broke KVM guests where extended page tables (EPT) are disabled or not supported. This update addresses both issues. We apologize for the inconvenience. Original advisory details : Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Jann Horn discovered a reference count underflow in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15791) Jann Horn discovered a type confusion vulnerability in the shiftfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15792) Jann Horn discovered that the shiftfs implementation in the Linux kernel did not use the correct file system uid/gid when the user namespace of a lower file system is not in the init user namespace. A local attacker could use this to possibly bypass DAC permissions or have some other unspecified impact. (CVE-2019-15793) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131012
    published2019-11-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131012
    titleUbuntu 18.04 LTS / 19.04 : linux, linux-hwe, linux-oem-osp1 vulnerability and regression (USN-4184-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2599.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says
    last seen2020-05-08
    modified2019-12-18
    plugin id132134
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132134
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1347.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1347 advisory. - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135252
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135252
    titleRHEL 7 : kernel (RHSA-2020:1347)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0839.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0839 advisory. - kernel: Count overflow in FUSE request leading to use- after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-23
    plugin id134825
    published2020-03-23
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134825
    titleRHEL 7 : kernel-rt (RHSA-2020:0839)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200317_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Bug Fix(es) : - SL7.7 - default idle mishandles lazy irq state - Sanitize MM backported code for SL7 - A bio with a flush and write to an md device can be lost and never complete by the md layer - [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop. - SL7.7 - zfcp: fix reaction on bit error threshold notification - SL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x - Leak in cachefiles driver - VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes - Allocation failure in md
    last seen2020-03-21
    modified2020-03-18
    plugin id134648
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134648
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20200317)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0834.NASL
    descriptionFrom Red Hat Security Advisory 2020:0834 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0834 advisory. - kernel: Count overflow in FUSE request leading to use- after-free issues. (CVE-2019-11487) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-03-19
    plugin id134687
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134687
    titleOracle Linux 7 : kernel (ELSA-2020-0834)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1524.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory. - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-22
    plugin id135910
    published2020-04-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135910
    titleRHEL 6 : kernel (RHSA-2020:1524)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2020-037.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic. - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow. - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c. - kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c. - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c. - kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. - kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service. - kernel: offset2lib allows for the stack guard page to be jumped over. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-31
    modified2020-05-22
    plugin id136804
    published2020-05-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136804
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-037)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1042.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15504) - In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.(CVE-2019-16714) - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233) - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089) - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056) - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055) - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054) - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053) - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052) - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075) - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666) - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133) - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746) - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136) - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234) - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806) - A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813) - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809) - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808) - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066) - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.(CVE-2019-19074) - A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.(CVE-2019-19073) - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.(CVE-2019-19063) - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.(CVE-2019-19057) - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.(CVE-2019-19056) - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.(CVE-2019-19052) - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.(CVE-2019-18814) - Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c , the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c , the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c , the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c , and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.(CVE-2019-19083) - Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c , the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c , the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c , the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c , aka CID-104c307147ad.(CVE-2019-19082) - A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.(CVE-2019-19081) - Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.(CVE-2019-19080) - A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.(CVE-2019-19079) - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078) - A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.(CVE-2019-19077) - A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.(CVE-2019-19075) - A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.(CVE-2019-19071) - A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.(CVE-2019-19068) - ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.(CVE-2019-19067) - A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.(CVE-2019-19065) - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3. c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.(CVE-2019-19059) - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.(CVE-2019-19058) - A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.(CVE-2019-19051) - A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.(CVE-2019-19045) - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.(CVE-2019-19072) - ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.(CVE-2019-19070) - ** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a. NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot.(CVE-2019-19049) - In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.(CVE-2019-18786) - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054) - An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.(CVE-2019-18683) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132796
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132796
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2531.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186) - The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892) - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054) - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060) - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061) - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062) - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808) - In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216) - A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332) - The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.(CVE-2016-4486) - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897) - In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.(CVE-2017-7482) - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.(CVE-2018-14625) - drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16647) - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806) - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.(CVE-2018-7755) - The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.(CVE-2015-7833) - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.(CVE-2019-3846) - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232) - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234) - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16231) - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136) - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.(CVE-2019-10126) - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka
    last seen2020-05-08
    modified2019-12-09
    plugin id131805
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131805
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0339.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133480
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133480
    titleRHEL 8 : kernel (RHSA-2020:0339)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2879-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id130452
    published2019-11-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130452
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2879-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200422_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)
    last seen2020-04-30
    modified2020-04-24
    plugin id135959
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135959
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200422) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4185-1.NASL
    descriptionStephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose memory contents previously stored in microarchitectural buffers to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11135) It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2019-0155) Deepak Gupta discovered that on certain Intel processors, the Linux kernel did not properly perform invalidation on page table updates by virtual guest operating systems. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2018-12207) It was discovered that the Intel i915 graphics chipsets could cause a system hang when userspace performed a read from GT memory mapped input output (MMIO) when the product is in certain low power states. A local attacker could use this to cause a denial of service. (CVE-2019-0154) Hui Peng discovered that the Atheros AR6004 USB Wi-Fi device driver for the Linux kernel did not properly validate endpoint descriptors returned by the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15098) Ori Nimron discovered that the AX25 network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17052) Ori Nimron discovered that the IEEE 802.15.4 Low-Rate Wireless network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17053) Ori Nimron discovered that the Appletalk network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17054) Ori Nimron discovered that the modular ISDN network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17055) Ori Nimron discovered that the Near field Communication (NFC) network protocol implementation in the Linux kernel did not properly perform permissions checks. A local attacker could use this to create a raw socket. (CVE-2019-17056) Nico Waisman discovered that a buffer overflow existed in the Realtek Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-17666). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130965
    published2019-11-13
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130965
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4185-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2949-1.NASL
    descriptionThe SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130949
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130949
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1197.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel
    last seen2020-04-09
    modified2020-03-13
    plugin id134486
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134486
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-1524.NASL
    descriptionFrom Red Hat Security Advisory 2020:1524 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1524 advisory. - kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-24
    plugin id135957
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135957
    titleOracle Linux 6 : kernel (ELSA-2020-1524) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0328.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ# 1780326)
    last seen2020-06-01
    modified2020-06-02
    plugin id133477
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133477
    titleRHEL 8 : kernel-rt (RHSA-2020:0328)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2444.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-16995: A memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c. if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d (bnc#1152685). - CVE-2019-16233: drivers/scsi/qla2xxx/qla_os.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150457). - CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c lacked a certain upper-bound check, leading to a buffer overflow (bnc#1154372). - CVE-2019-16232: drivers/net/wireless/marvell/libertas/if_sdio.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150465). - CVE-2019-16234: drivers/net/wireless/intel/iwlwifi/pcie/trans.c did not check the alloc_workqueue return value, leading to a NULL pointer dereference (bnc#1150452). - CVE-2019-17133: cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c did not reject a long SSID IE, leading to a Buffer Overflow (bnc#1153158). - CVE-2019-17056: llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module did not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176 (bnc#1152788). The following non-security bugs were fixed : - 9p: avoid attaching writeback_fid on mmap with type PRIVATE (bsc#1051510). - ACPI / CPPC: do not require the _PSD method (bsc#1051510). - ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit() (bsc#1051510). - ACPI / processor: do not print errors for processorIDs == 0xff (bsc#1051510). - act_mirred: Fix mirred_init_module error handling (bsc#1051510). - Add Acer Aspire Ethos 8951G model quirk (bsc#1051510). - Add kernel module compression support (bsc#1135854) - ALSA: hda - Add a quirk model for fixing Huawei Matebook X right speaker (bsc#1051510). - ALSA: hda: Add Elkhart Lake PCI ID (bsc#1051510). - ALSA: hda - Add laptop imic fixup for ASUS M9V laptop (bsc#1051510). - ALSA: hda: Add support of Zhaoxin controller (bsc#1051510). - ALSA: hda: Add Tigerlake/Jasperlake PCI ID (bsc#1051510). - ALSA: hda - Apply AMD controller workaround for Raven platform (bsc#1051510). - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family (bsc#1051510). - ALSA: hda - Drop unsol event handler for Intel HDMI codecs (bsc#1051510). - ALSA: hda - Expand pin_match function to match upcoming new tbls (bsc#1051510). - ALSA: hda: Flush interrupts on disabling (bsc#1051510). - ALSA: hda - Force runtime PM on Nvidia HDMI codecs (bsc#1051510). - ALSA: hda/hdmi - Do not report spurious jack state changes (bsc#1051510). - ALSA: hda/hdmi: remove redundant assignment to variable pcm_idx (bsc#1051510). - ALSA: hda - Inform too slow responses (bsc#1051510). - ALSA: hda/realtek - Add support for ALC711 (bsc#1051510). - ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 (bsc#1051510). - ALSA: hda/realtek - Check beep whitelist before assigning in all codecs (bsc#1051510). - ALSA: hda/realtek - Enable headset mic on Asus MJ401TA (bsc#1051510). - ALSA: hda/realtek - Fix alienware headset mic (bsc#1051510). - ALSA: hda/realtek - PCI quirk for Medion E4254 (bsc#1051510). - ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 (bsc#1051510). - ALSA: hda: Set fifo_size for both playback and capture streams (bsc#1051510). - ALSA: hda - Show the fatal CORB/RIRB error more clearly (bsc#1051510). - ALSA: hda/sigmatel - remove unused variable
    last seen2020-06-01
    modified2020-06-02
    plugin id130582
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130582
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2444)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2114.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-13093, CVE-2018-13094 Wen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and operating a crafted XFS volume. An attacker able to mount arbitrary XFS volumes could use this to cause a denial of service (crash). CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-2215 The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels. CVE-2019-10220 Various developers and researchers found that if a crafted file- system or malicious file server presented a directory with filenames including a
    last seen2020-03-17
    modified2020-03-06
    plugin id134240
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134240
    titleDebian DLA-2114-1 : linux-4.9 security update

Redhat

advisories
  • bugzilla
    id1763690
    titleCVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • commentkernel earlier than 0:2.6.32-754.29.1.el6 is currently running
          ovaloval:com.redhat.rhsa:tst:20201524027
        • commentkernel earlier than 0:2.6.32-754.29.1.el6 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20201524028
      • OR
        • AND
          • commentkernel-firmware is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524001
          • commentkernel-firmware is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842004
        • AND
          • commentkernel-doc is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524005
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentperf is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524007
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-headers is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524009
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-devel is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524011
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524013
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-debug is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524015
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524017
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentpython-perf is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524019
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-bootwrapper is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524021
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524023
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:2.6.32-754.29.1.el6
            ovaloval:com.redhat.rhsa:tst:20201524025
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
    rhsa
    idRHSA-2020:1524
    released2020-04-22
    severityImportant
    titleRHSA-2020:1524: kernel security update (Important)
  • rhsa
    idRHSA-2020:0328
  • rhsa
    idRHSA-2020:0339
  • rhsa
    idRHSA-2020:0543
  • rhsa
    idRHSA-2020:0661
  • rhsa
    idRHSA-2020:0740
rpms
  • kernel-rt-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-core-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-core-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-devel-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-kvm-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-modules-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-modules-extra-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-devel-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-kvm-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-modules-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-modules-extra-0:4.18.0-147.5.1.rt24.98.el8_1
  • bpftool-0:4.18.0-147.5.1.el8_1
  • bpftool-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-0:4.18.0-147.5.1.el8_1
  • kernel-abi-whitelists-0:4.18.0-147.5.1.el8_1
  • kernel-core-0:4.18.0-147.5.1.el8_1
  • kernel-cross-headers-0:4.18.0-147.5.1.el8_1
  • kernel-debug-0:4.18.0-147.5.1.el8_1
  • kernel-debug-core-0:4.18.0-147.5.1.el8_1
  • kernel-debug-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-debug-devel-0:4.18.0-147.5.1.el8_1
  • kernel-debug-modules-0:4.18.0-147.5.1.el8_1
  • kernel-debug-modules-extra-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-s390x-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.5.1.el8_1
  • kernel-devel-0:4.18.0-147.5.1.el8_1
  • kernel-doc-0:4.18.0-147.5.1.el8_1
  • kernel-headers-0:4.18.0-147.5.1.el8_1
  • kernel-modules-0:4.18.0-147.5.1.el8_1
  • kernel-modules-extra-0:4.18.0-147.5.1.el8_1
  • kernel-tools-0:4.18.0-147.5.1.el8_1
  • kernel-tools-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-tools-libs-0:4.18.0-147.5.1.el8_1
  • kernel-tools-libs-devel-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-core-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-devel-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-modules-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.5.1.el8_1
  • perf-0:4.18.0-147.5.1.el8_1
  • perf-debuginfo-0:4.18.0-147.5.1.el8_1
  • python3-perf-0:4.18.0-147.5.1.el8_1
  • python3-perf-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-0:3.10.0-862.48.1.el7
  • kernel-abi-whitelists-0:3.10.0-862.48.1.el7
  • kernel-bootwrapper-0:3.10.0-862.48.1.el7
  • kernel-debug-0:3.10.0-862.48.1.el7
  • kernel-debug-debuginfo-0:3.10.0-862.48.1.el7
  • kernel-debug-devel-0:3.10.0-862.48.1.el7
  • kernel-debuginfo-0:3.10.0-862.48.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.48.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.48.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.48.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.48.1.el7
  • kernel-devel-0:3.10.0-862.48.1.el7
  • kernel-doc-0:3.10.0-862.48.1.el7
  • kernel-headers-0:3.10.0-862.48.1.el7
  • kernel-kdump-0:3.10.0-862.48.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.48.1.el7
  • kernel-kdump-devel-0:3.10.0-862.48.1.el7
  • kernel-tools-0:3.10.0-862.48.1.el7
  • kernel-tools-debuginfo-0:3.10.0-862.48.1.el7
  • kernel-tools-libs-0:3.10.0-862.48.1.el7
  • kernel-tools-libs-devel-0:3.10.0-862.48.1.el7
  • perf-0:3.10.0-862.48.1.el7
  • perf-debuginfo-0:3.10.0-862.48.1.el7
  • python-perf-0:3.10.0-862.48.1.el7
  • python-perf-debuginfo-0:3.10.0-862.48.1.el7
  • kernel-0:3.10.0-327.85.1.el7
  • kernel-abi-whitelists-0:3.10.0-327.85.1.el7
  • kernel-debug-0:3.10.0-327.85.1.el7
  • kernel-debug-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-debug-devel-0:3.10.0-327.85.1.el7
  • kernel-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.85.1.el7
  • kernel-devel-0:3.10.0-327.85.1.el7
  • kernel-doc-0:3.10.0-327.85.1.el7
  • kernel-headers-0:3.10.0-327.85.1.el7
  • kernel-tools-0:3.10.0-327.85.1.el7
  • kernel-tools-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-tools-libs-0:3.10.0-327.85.1.el7
  • kernel-tools-libs-devel-0:3.10.0-327.85.1.el7
  • perf-0:3.10.0-327.85.1.el7
  • perf-debuginfo-0:3.10.0-327.85.1.el7
  • python-perf-0:3.10.0-327.85.1.el7
  • python-perf-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-0:4.14.0-115.18.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.18.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.18.1.el7a
  • kernel-debug-0:4.14.0-115.18.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debug-devel-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.18.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.18.1.el7a
  • kernel-devel-0:4.14.0-115.18.1.el7a
  • kernel-doc-0:4.14.0-115.18.1.el7a
  • kernel-headers-0:4.14.0-115.18.1.el7a
  • kernel-kdump-0:4.14.0-115.18.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.18.1.el7a
  • kernel-tools-0:4.14.0-115.18.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-0:4.14.0-115.18.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.18.1.el7a
  • perf-0:4.14.0-115.18.1.el7a
  • perf-debuginfo-0:4.14.0-115.18.1.el7a
  • python-perf-0:4.14.0-115.18.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.18.1.el7a
  • bpftool-0:4.18.0-80.16.1.el8_0
  • bpftool-debuginfo-0:4.18.0-80.16.1.el8_0
  • kernel-0:4.18.0-80.16.1.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.16.1.el8_0
  • kernel-core-0:4.18.0-80.16.1.el8_0
  • kernel-cross-headers-0:4.18.0-80.16.1.el8_0
  • kernel-debug-0:4.18.0-80.16.1.el8_0
  • kernel-debug-core-0:4.18.0-80.16.1.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.16.1.el8_0
  • kernel-debug-devel-0:4.18.0-80.16.1.el8_0
  • kernel-debug-modules-0:4.18.0-80.16.1.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.16.1.el8_0
  • kernel-debuginfo-0:4.18.0-80.16.1.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.16.1.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.16.1.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.16.1.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.16.1.el8_0
  • kernel-devel-0:4.18.0-80.16.1.el8_0
  • kernel-doc-0:4.18.0-80.16.1.el8_0
  • kernel-headers-0:4.18.0-80.16.1.el8_0
  • kernel-modules-0:4.18.0-80.16.1.el8_0
  • kernel-modules-extra-0:4.18.0-80.16.1.el8_0
  • kernel-tools-0:4.18.0-80.16.1.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.16.1.el8_0
  • kernel-tools-libs-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.16.1.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.16.1.el8_0
  • perf-0:4.18.0-80.16.1.el8_0
  • perf-debuginfo-0:4.18.0-80.16.1.el8_0
  • python3-perf-0:4.18.0-80.16.1.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.16.1.el8_0
  • bpftool-0:3.10.0-1062.18.1.el7
  • bpftool-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-0:3.10.0-1062.18.1.el7
  • kernel-abi-whitelists-0:3.10.0-1062.18.1.el7
  • kernel-bootwrapper-0:3.10.0-1062.18.1.el7
  • kernel-debug-0:3.10.0-1062.18.1.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-debug-devel-0:3.10.0-1062.18.1.el7
  • kernel-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.18.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.18.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.18.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.18.1.el7
  • kernel-devel-0:3.10.0-1062.18.1.el7
  • kernel-doc-0:3.10.0-1062.18.1.el7
  • kernel-headers-0:3.10.0-1062.18.1.el7
  • kernel-kdump-0:3.10.0-1062.18.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-kdump-devel-0:3.10.0-1062.18.1.el7
  • kernel-tools-0:3.10.0-1062.18.1.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-tools-libs-0:3.10.0-1062.18.1.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.18.1.el7
  • perf-0:3.10.0-1062.18.1.el7
  • perf-debuginfo-0:3.10.0-1062.18.1.el7
  • python-perf-0:3.10.0-1062.18.1.el7
  • python-perf-debuginfo-0:3.10.0-1062.18.1.el7
  • kernel-rt-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debug-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-devel-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-doc-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-kvm-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-trace-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.18.1.rt56.1044.el7
  • kernel-0:3.10.0-693.65.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.65.1.el7
  • kernel-bootwrapper-0:3.10.0-693.65.1.el7
  • kernel-debug-0:3.10.0-693.65.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-debug-devel-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.65.1.el7
  • kernel-devel-0:3.10.0-693.65.1.el7
  • kernel-doc-0:3.10.0-693.65.1.el7
  • kernel-headers-0:3.10.0-693.65.1.el7
  • kernel-tools-0:3.10.0-693.65.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-tools-libs-0:3.10.0-693.65.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.65.1.el7
  • perf-0:3.10.0-693.65.1.el7
  • perf-debuginfo-0:3.10.0-693.65.1.el7
  • python-perf-0:3.10.0-693.65.1.el7
  • python-perf-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-rt-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-doc-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-firmware-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • bpftool-0:3.10.0-957.48.1.el7
  • kernel-0:3.10.0-957.48.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.48.1.el7
  • kernel-bootwrapper-0:3.10.0-957.48.1.el7
  • kernel-debug-0:3.10.0-957.48.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.48.1.el7
  • kernel-debug-devel-0:3.10.0-957.48.1.el7
  • kernel-debuginfo-0:3.10.0-957.48.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.48.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.48.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.48.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.48.1.el7
  • kernel-devel-0:3.10.0-957.48.1.el7
  • kernel-doc-0:3.10.0-957.48.1.el7
  • kernel-headers-0:3.10.0-957.48.1.el7
  • kernel-kdump-0:3.10.0-957.48.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.48.1.el7
  • kernel-kdump-devel-0:3.10.0-957.48.1.el7
  • kernel-tools-0:3.10.0-957.48.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.48.1.el7
  • kernel-tools-libs-0:3.10.0-957.48.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.48.1.el7
  • perf-0:3.10.0-957.48.1.el7
  • perf-debuginfo-0:3.10.0-957.48.1.el7
  • python-perf-0:3.10.0-957.48.1.el7
  • python-perf-debuginfo-0:3.10.0-957.48.1.el7
  • kernel-0:3.10.0-514.74.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.74.1.el7
  • kernel-bootwrapper-0:3.10.0-514.74.1.el7
  • kernel-debug-0:3.10.0-514.74.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.74.1.el7
  • kernel-debug-devel-0:3.10.0-514.74.1.el7
  • kernel-debuginfo-0:3.10.0-514.74.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.74.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.74.1.el7
  • kernel-devel-0:3.10.0-514.74.1.el7
  • kernel-doc-0:3.10.0-514.74.1.el7
  • kernel-headers-0:3.10.0-514.74.1.el7
  • kernel-tools-0:3.10.0-514.74.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.74.1.el7
  • kernel-tools-libs-0:3.10.0-514.74.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.74.1.el7
  • perf-0:3.10.0-514.74.1.el7
  • perf-debuginfo-0:3.10.0-514.74.1.el7
  • python-perf-0:3.10.0-514.74.1.el7
  • python-perf-debuginfo-0:3.10.0-514.74.1.el7
  • kernel-0:2.6.32-754.29.1.el6
  • kernel-abi-whitelists-0:2.6.32-754.29.1.el6
  • kernel-bootwrapper-0:2.6.32-754.29.1.el6
  • kernel-debug-0:2.6.32-754.29.1.el6
  • kernel-debug-debuginfo-0:2.6.32-754.29.1.el6
  • kernel-debug-devel-0:2.6.32-754.29.1.el6
  • kernel-debuginfo-0:2.6.32-754.29.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.29.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.29.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.29.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.29.1.el6
  • kernel-devel-0:2.6.32-754.29.1.el6
  • kernel-doc-0:2.6.32-754.29.1.el6
  • kernel-firmware-0:2.6.32-754.29.1.el6
  • kernel-headers-0:2.6.32-754.29.1.el6
  • kernel-kdump-0:2.6.32-754.29.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.29.1.el6
  • kernel-kdump-devel-0:2.6.32-754.29.1.el6
  • perf-0:2.6.32-754.29.1.el6
  • perf-debuginfo-0:2.6.32-754.29.1.el6
  • python-perf-0:2.6.32-754.29.1.el6
  • python-perf-debuginfo-0:2.6.32-754.29.1.el6

References