Vulnerabilities > CVE-2019-3016 - Race Condition vulnerability in Linux Kernel

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(134784);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-19447",
    "CVE-2019-19768",
    "CVE-2019-19807",
    "CVE-2019-3016",
    "CVE-2020-2732",
    "CVE-2020-8428",
    "CVE-2020-8647",
    "CVE-2020-8648",
    "CVE-2020-8649",
    "CVE-2020-8992",
    "CVE-2020-9383"
  );

  script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1292)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - In the Linux kernel 5.0.21, mounting a crafted ext4
    filesystem image, performing some operations, and
    unmounting can lead to a use-after-free in
    ext4_put_super in fs/ext4/super.c, related to
    dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447 )

  - In the Linux kernel 5.4.0-rc2, there is a
    use-after-free (read) in the __blk_add_trace function
    in kernel/trace/blktrace.c (which is used to fill out a
    blk_io_trace structure and place it in a per-cpu
    sub-buffer).(CVE-2019-19768)

  - ext4_protect_reserved_inode in fs/ext4/block_validity.c
    in the Linux kernel through 5.5.3 allows attackers to
    cause a denial of service (soft lockup) via a crafted
    journal size.(CVE-2020-8992)

  - An issue was discovered in the Linux kernel through
    5.5.6. set_fdc in drivers/block/floppy.c leads to a
    wait_til_ready out-of-bounds read because the FDC index
    is not checked for errors before assigning it, aka
    CID-2e90ca68b0d2.(CVE-2020-9383)

  - In the Linux kernel before 5.3.11, sound/core/timer.c
    has a use-after-free caused by erroneous code
    refactoring, aka CID-e7af6307a8a5. This is related to
    snd_timer_open and snd_timer_close_locked. The timeri
    variable was originally intended to be for a newly
    created timer instance, but was used for a different
    purpose after refactoring.(CVE-2019-19807)

  - Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor
    to access sensitive L1 resources(CVE-2020-2732)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the n_tty_receive_buf_common
    function in drivers/tty/n_tty.c.(CVE-2020-8648)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vgacon_invert_region
    function in
    drivers/video/console/vgacon.c.(CVE-2020-8649)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vc_do_resize function in
    drivers/tty/vt/vt.c.(CVE-2020-8647)

  - fs/namei.c in the Linux kernel before 5.5 has a
    may_create_in_sticky use-after-free, which allows local
    users to cause a denial of service (OOPS) or possibly
    obtain sensitive information from kernel memory, aka
    CID-d0cb50185ae9. One attack vector may be an open
    system call for a UNIX domain socket, if the socket is
    being moved to a new parent directory and its old
    parent directory is being removed.(CVE-2020-8428)

  - In a Linux KVM guest that has PV TLB enabled, a process
    in the guest kernel may be able to read memory
    locations from another process in the same guest. This
    problem is limit to the host running linux kernel 4.10
    with a guest running linux kernel 4.16 or later. The
    problem mainly affects AMD processors but Intel CPUs
    cannot be ruled out.(CVE-2019-3016)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1292
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bb4d37a7");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["bpftool-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-devel-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-headers-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-source-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-tools-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "kernel-tools-libs-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "perf-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "python-perf-4.19.36-vhulk1907.1.0.h702.eulerosv2r8",
        "python3-perf-4.19.36-vhulk1907.1.0.h702.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(136239);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");

  script_cve_id(
    "CVE-2019-10220",
    "CVE-2019-11135",
    "CVE-2019-11191",
    "CVE-2019-14895",
    "CVE-2019-14896",
    "CVE-2019-14897",
    "CVE-2019-14901",
    "CVE-2019-16229",
    "CVE-2019-16231",
    "CVE-2019-16232",
    "CVE-2019-19036",
    "CVE-2019-19037",
    "CVE-2019-19039",
    "CVE-2019-19060",
    "CVE-2019-19227",
    "CVE-2019-19252",
    "CVE-2019-19332",
    "CVE-2019-19338",
    "CVE-2019-19447",
    "CVE-2019-19524",
    "CVE-2019-19525",
    "CVE-2019-19526",
    "CVE-2019-19527",
    "CVE-2019-19529",
    "CVE-2019-19532",
    "CVE-2019-19534",
    "CVE-2019-19535",
    "CVE-2019-19536",
    "CVE-2019-19767",
    "CVE-2019-19768",
    "CVE-2019-19770",
    "CVE-2019-19807",
    "CVE-2019-19815",
    "CVE-2019-19922",
    "CVE-2019-19947",
    "CVE-2019-20095",
    "CVE-2019-20096",
    "CVE-2019-20636",
    "CVE-2019-3016",
    "CVE-2019-5108",
    "CVE-2020-0067",
    "CVE-2020-11494",
    "CVE-2020-11565",
    "CVE-2020-11608",
    "CVE-2020-11609",
    "CVE-2020-11668",
    "CVE-2020-11669",
    "CVE-2020-1749",
    "CVE-2020-2732",
    "CVE-2020-8428",
    "CVE-2020-8647",
    "CVE-2020-8648",
    "CVE-2020-8649",
    "CVE-2020-9383"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - In the Linux kernel before 5.2.9, there is an info-leak
    bug that can be caused by a malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka
    CID-ead16e53c2f0.(CVE-2019-19536)

  - In the Linux kernel before 5.2.9, there is an info-leak
    bug that can be caused by a malicious USB device in the
    drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka
    CID-30a8beeb3042.(CVE-2019-19535)

  - vcs_write in drivers/tty/vt/vc_screen.c in the Linux
    kernel through 5.3.13 does not prevent write access to
    vcsu devices, aka CID-0c9acb1af77a.(CVE-2019-19252)

  - In the AppleTalk subsystem in the Linux kernel before
    5.1, there is a potential NULL pointer dereference
    because register_snap_client may return NULL. This will
    lead to denial of service in net/appletalk/aarp.c and
    net/appletalk/ddp.c, as demonstrated by
    unregister_snap_client, aka
    CID-9804501fa122.(CVE-2019-19227)

  - A memory leak in the adis_update_scan_mode() function
    in drivers/iio/imu/adis_buffer.c in the Linux kernel
    before 5.3.9 allows attackers to cause a denial of
    service (memory consumption), aka
    CID-ab612b1daf41.(CVE-2019-19060)

  - In the Linux kernel before 5.3.11, there is an
    info-leak bug that can be caused by a malicious USB
    device in the
    drivers/net/can/usb/peak_usb/pcan_usb_core.c driver,
    aka CID-f7a1337f0d29.(CVE-2019-19534)

  - In the Linux kernel before 5.3.11, there is a
    use-after-free bug that can be caused by a malicious
    USB device in the drivers/net/can/usb/mcba_usb.c
    driver, aka CID-4d6636498c41.(CVE-2019-19529)

  - In the Linux kernel before 5.3.9, there is a
    use-after-free bug that can be caused by a malicious
    USB device in the drivers/nfc/pn533/usb.c driver, aka
    CID-6af3aa57a098.(CVE-2019-19526)

  - In the Linux kernel before 5.3.6, there is a
    use-after-free bug that can be caused by a malicious
    USB device in the drivers/net/ieee802154/atusb.c
    driver, aka CID-7fd25e6fc035.(CVE-2019-19525)

  - In the Linux kernel before 5.3.9, there are multiple
    out-of-bounds write bugs that can be caused by a
    malicious USB device in the Linux kernel HID drivers,
    aka CID-d9d4b1e46d95. This affects
    drivers/hid/hid-axff.c, drivers/hid/hid-dr.c,
    drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c,
    drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c,
    drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c,
    drivers/hid/hid-lgff.c,
    drivers/hid/hid-logitech-hidpp.c,
    drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,
    drivers/hid/hid-tmff.c, and
    drivers/hid/hid-zpff.c.(CVE-2019-19532)

  - In the Linux kernel before 5.2.10, there is a
    use-after-free bug that can be caused by a malicious
    USB device in the drivers/hid/usbhid/hiddev.c driver,
    aka CID-9c09b214f30e.(CVE-2019-19527)

  - ** DISPUTED ** The Linux kernel through 5.0.7, when
    CONFIG_IA32_AOUT is enabled and ia32_aout is loaded,
    allows local users to bypass ASLR on setuid a.out
    programs (if any exist) because install_exec_creds() is
    called too late in load_aout_binary() in
    fs/binfmt_aout.c, and thus the ptrace_may_access()
    check has a race condition when reading /proc/pid/stat.
    NOTE: the software maintainer disputes that this is a
    vulnerability because ASLR for a.out format executables
    has never been supported.(CVE-2019-11191)

  - In the Linux kernel before 5.3.12, there is a
    use-after-free bug that can be caused by a malicious
    USB device in the drivers/input/ff-memless.c driver,
    aka CID-fa3a5a1880c9.(CVE-2019-19524)

  - drivers/net/wireless/marvell/libertas/if_sdio.c in the
    Linux kernel 5.2.14 does not check the alloc_workqueue
    return value, leading to a NULL pointer
    dereference.(CVE-2019-16232)

  - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14
    does not check the alloc_workqueue return value,
    leading to a NULL pointer dereference.(CVE-2019-16231)

  - ** DISPUTED **
    drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux
    kernel 5.2.14 does not check the alloc_workqueue return
    value, leading to a NULL pointer dereference. NOTE: The
    security community disputes this issues as not being
    serious enough to be deserving a CVE
    id.(CVE-2019-16229)

  - Linux kernel CIFS implementation, version 4.9.0 is
    vulnerable to a relative paths injection in directory
    entry lists.(CVE-2019-10220)

  - A heap overflow flaw was found in the Linux kernel, all
    versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi
    chip driver. The vulnerability allows a remote attacker
    to cause a system crash, resulting in a denial of
    service, or execute arbitrary code. The highest threat
    with this vulnerability is with the availability of the
    system. If code execution occurs, the code will run
    with the permissions of root. This will affect both
    confidentiality and integrity of files on the
    system.(CVE-2019-14901)

  - The Linux kernel before 5.4.2 mishandles
    ext4_expand_extra_isize, as demonstrated by
    use-after-free errors in __ext4_expand_extra_isize and
    ext4_xattr_set_entry, related to fs/ext4/inode.c and
    fs/ext4/super.c, aka CID-4ea99936a163.(CVE-2019-19767)

  - A heap-based buffer overflow was discovered in the
    Linux kernel, all versions 3.x.x and 4.x.x before
    4.18.0, in Marvell WiFi chip driver. The flaw could
    occur when the station attempts a connection
    negotiation during the handling of the remote devices
    country settings. This could allow the remote device to
    cause a denial of service (system crash) or possibly
    execute arbitrary code.(CVE-2019-14895)

  - Linux Kernel could allow a local authenticated attacker
    to obtain sensitive information, caused by a
    Transaction Asynchronous Abort (TAA) h/w issue in KVM.
    By sending a specially-crafted request, an attacker
    could exploit this vulnerability to obtain sensitive
    information, and use this information to launch further
    attacks against the affected system.(CVE-2019-19338)

  - TSX Asynchronous Abort condition on some CPUs utilizing
    speculative execution may allow an authenticated user
    to potentially enable information disclosure via a side
    channel with local access.(CVE-2019-11135)

  - An out-of-bounds memory write issue was found in the
    Linux Kernel, version 3.13 through 5.4, in the way the
    Linux kernel's KVM hypervisor handled the
    'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID
    features emulated by the KVM hypervisor. A user or
    process able to access the '/dev/kvm' device could use
    this flaw to crash the system, resulting in a denial of
    service.(CVE-2019-19332)

  - kernel/sched/fair.c in the Linux kernel before 5.3.9,
    when cpu.cfs_quota_us is used (e.g., with Kubernetes),
    allows attackers to cause a denial of service against
    non-cpu-bound applications by generating a workload
    that triggers unwanted slice expiration, aka
    CID-de53fd7aedb1. (In other words, although this slice
    expiration would typically be seen with benign
    workloads, it is possible that an attacker could
    calculate how many stray requests are required to force
    an entire Kubernetes cluster into a low-performance
    state caused by slice expiration, and ensure that a
    DDoS attack sent that number of stray requests. An
    attack does not affect the stability of the kernel it
    only causes mismanagement of application
    execution.)(CVE-2019-19922)

  - A stack-based buffer overflow was found in the Linux
    kernel, version kernel-2.6.32, in Marvell WiFi chip
    driver. An attacker is able to cause a denial of
    service (system crash) or, possibly execute arbitrary
    code, when a STA works in IBSS mode (allows connecting
    stations together without the use of an AP) and
    connects to another STA.(CVE-2019-14897)

  - A heap-based buffer overflow vulnerability was found in
    the Linux kernel, version kernel-2.6.32, in Marvell
    WiFi chip driver. A remote attacker could cause a
    denial of service (system crash) or, possibly execute
    arbitrary code, when the lbs_ibss_join_existing
    function is called after a STA connects to an
    AP.(CVE-2019-14896)

  - In the Linux kernel through 5.4.6, there are
    information leaks of uninitialized memory to a USB
    device in the
    drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
    driver, aka CID-da2311a6385c.(CVE-2019-19947)

  - In the Linux kernel before 5.1, there is a memory leak
    in __feat_register_sp() in net/dccp/feat.c, which may
    cause denial of service, aka
    CID-1d3ff0950e2b.(CVE-2019-20096)

  - mwifiex_tm_cmd in
    drivers/net/wireless/marvell/mwifiex/cfg80211.c in the
    Linux kernel before 5.1.6 has some error-handling cases
    that did not free allocated hostcmd memory, aka
    CID-003b686ace82. This will cause a memory leak and
    denial of service.(CVE-2019-20095)

  - An exploitable denial-of-service vulnerability exists
    in the Linux kernel prior to mainline 5.3. An attacker
    could exploit this vulnerability by triggering AP to
    send IAPP location updates for stations before the
    required authentication process has completed. This
    could lead to different denial-of-service scenarios,
    either by causing CAM table attacks, or by leading to
    traffic flapping if faking already existing clients in
    other nearby APs of the same wireless infrastructure.
    An attacker can forge Authentication and Association
    Request packets to trigger this
    vulnerability.(CVE-2019-5108)

  - In a Linux KVM guest that has PV TLB enabled, a process
    in the guest kernel may be able to read memory
    locations from another process in the same guest. This
    problem is limit to the host running linux kernel 4.10
    with a guest running linux kernel 4.16 or later. The
    problem mainly affects AMD processors but Intel CPUs
    cannot be ruled out.(CVE-2019-3016)

  - fs/namei.c in the Linux kernel before 5.5 has a
    may_create_in_sticky use-after-free, which allows local
    users to cause a denial of service (OOPS) or possibly
    obtain sensitive information from kernel memory, aka
    CID-d0cb50185ae9. One attack vector may be an open
    system call for a UNIX domain socket, if the socket is
    being moved to a new parent directory and its old
    parent directory is being removed.(CVE-2020-8428)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the n_tty_receive_buf_common
    function in drivers/tty/n_tty.c.(CVE-2020-8648)

  - An issue was discovered in the Linux kernel through
    5.5.6. set_fdc in drivers/block/floppy.c leads to a
    wait_til_ready out-of-bounds read because the FDC index
    is not checked for errors before assigning it, aka
    CID-2e90ca68b0d2.(CVE-2020-9383)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vgacon_invert_region
    function in
    drivers/video/console/vgacon.c.(CVE-2020-8649)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vc_do_resize function in
    drivers/tty/vt/vt.c.(CVE-2020-8647)

  - In the Linux kernel 5.0.21, mounting a crafted ext4
    filesystem image, performing some operations, and
    unmounting can lead to a use-after-free in
    ext4_put_super in fs/ext4/super.c, related to
    dump_orphan_list in fs/ext4/super.c.(CVE-2019-19447)

  - A flaw was discovered in the way that the KVM
    hypervisor handled instruction emulation for an L2
    guest when nested virtualisation is enabled. Under some
    circumstances, an L2 guest may trick the L0 guest into
    accessing sensitive L1 resources that should be
    inaccessible to the L2 guest.(CVE-2020-2732)

  - In the Linux kernel before 5.3.11, sound/core/timer.c
    has a use-after-free caused by erroneous code
    refactoring, aka CID-e7af6307a8a5. This is related to
    snd_timer_open and snd_timer_close_locked. The timeri
    variable was originally intended to be for a newly
    created timer instance, but was used for a different
    purpose after refactoring.(CVE-2019-19807)

  - In the Linux kernel 5.4.0-rc2, there is a
    use-after-free (read) in the __blk_add_trace function
    in kernel/trace/blktrace.c (which is used to fill out a
    blk_io_trace structure and place it in a per-cpu
    sub-buffer).(CVE-2019-19768)

  - In the Linux kernel 5.0.21, mounting a crafted f2fs
    filesystem image can cause a NULL pointer dereference
    in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This
    is related to F2FS_P_SB in
    fs/f2fs/f2fs.h.(CVE-2019-19815)

  - ** DISPUTED ** __btrfs_free_extent in
    fs/btrfs/extent-tree.c in the Linux kernel through
    5.3.12 calls btrfs_print_leaf in a certain ENOENT case,
    which allows local users to obtain potentially
    sensitive information about register values via the
    dmesg program. NOTE: The BTRFS development team
    disputes this issues as not being a vulnerability
    because '1) The kernel provide facilities to restrict
    access to dmesg - dmesg_restrict=1 sysctl option. So
    it's really up to the system administrator to judge
    whether dmesg access shall be disallowed or not. 2)
    WARN/WARN_ON are widely used macros in the linux
    kernel. If this CVE is considered valid this would mean
    there are literally thousands CVE lurking in the kernel
    - something which clearly is not the
    case.'(CVE-2019-19039)

  - ext4_empty_dir in fs/ext4/namei.c in the Linux kernel
    through 5.3.12 allows a NULL pointer dereference
    because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be
    zero.(CVE-2019-19037)

  - btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel
    through 5.3.12 allows a NULL pointer dereference
    because rcu_dereference(root->node) can be
    zero.(CVE-2019-19036)

  - In the Linux kernel 4.19.83, there is a use-after-free
    (read) in the debugfs_remove function in
    fs/debugfs/inode.c (which is used to remove a file or
    directory in debugfs that was previously created with a
    call to another debugfs function such as
    debugfs_create_file).(CVE-2019-19770)

  - An issue was discovered in slc_bump in
    drivers/net/can/slcan.c in the Linux kernel through
    5.6.2. It allows attackers to read uninitialized
    can_frame data, potentially containing sensitive
    information from kernel stack memory, if the
    configuration lacks CONFIG_INIT_STACK_ALL, aka
    CID-b9258a2cece4.(CVE-2020-11494)

  - An issue was discovered in the Linux kernel through
    5.6.2. mpol_parse_str in mm/mempolicy.c has a
    stack-based out-of-bounds write because an empty
    nodelist is mishandled during mount option parsing, aka
    CID-aa9f7d5172fa.(CVE-2020-11565)

  - A flaw was found in the Linux kernel's implementation
    of some networking protocols in IPsec, such as VXLAN
    and GENEVE tunnels over IPv6. When an encrypted tunnel
    is created between two hosts, the kernel isn't
    correctly routing tunneled data over the encrypted link
    rather sending the data unencrypted. This would allow
    anyone in between the two endpoints to read the traffic
    unencrypted. The main threat from this vulnerability is
    to data confidentiality.(CVE-2020-1749)

  - An issue was discovered in the stv06xx subsystem in the
    Linux kernel before 5.6.1.
    drivers/media/usb/gspca/stv06xx/stv06xx.c and
    drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c
    mishandle invalid descriptors, as demonstrated by a
    NULL pointer dereference, aka
    CID-485b06aadb93.(CVE-2020-11609)

  - An issue was discovered in the Linux kernel before
    5.6.1. drivers/media/usb/gspca/ov519.c allows NULL
    pointer dereferences in ov511_mode_init_regs and
    ov518_mode_init_regs when there are zero endpoints, aka
    CID-998912346c0d.(CVE-2020-11608)

  - In the Linux kernel before 5.4.12,
    drivers/input/input.c has out-of-bounds writes via a
    crafted keycode table, as demonstrated by
    input_set_keycode, aka
    CID-cb222aed03d7.(CVE-2019-20636)

  - In the Linux kernel before 5.6.1,
    drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink
    camera USB driver) mishandles invalid descriptors, aka
    CID-a246b4d54770.(CVE-2020-11668)

  - An issue was discovered in the Linux kernel through
    5.6.2. mpol_parse_str in mm/mempolicy.c has a
    stack-based out-of-bounds write because an empty
    nodelist is mishandled during mount option parsing, aka
    CID-aa9f7d5172fa.(CVE-2020-0067)

  - An issue was discovered in the Linux kernel before 5.2
    on the powerpc platform.
    arch/powerpc/kernel/idle_book3s.S does not have
    save/restore functionality for PNV_POWERSAVE_AMR,
    PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka
    CID-53a712bae5dd.(CVE-2020-11669)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1536
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a90e7d8e");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["kernel-4.19.36-vhulk1907.1.0.h729",
        "kernel-devel-4.19.36-vhulk1907.1.0.h729",
        "kernel-headers-4.19.36-vhulk1907.1.0.h729",
        "kernel-tools-4.19.36-vhulk1907.1.0.h729",
        "kernel-tools-libs-4.19.36-vhulk1907.1.0.h729",
        "kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h729",
        "perf-4.19.36-vhulk1907.1.0.h729",
        "python-perf-4.19.36-vhulk1907.1.0.h729"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4300-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(134658);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/14");

  script_cve_id("CVE-2019-18809", "CVE-2019-19043", "CVE-2019-19053", "CVE-2019-19056", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19064", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-3016", "CVE-2020-2732");
  script_xref(name:"USN", value:"4300-1");

  script_name(english:"Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, (USN-4300-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the KVM implementation in the Linux kernel,
when paravirtual TLB flushes are enabled in guests, the hypervisor in
some situations could miss deferred TLB flushes or otherwise mishandle
them. An attacker in a guest VM could use this to expose sensitive
information (read memory from another guest VM). (CVE-2019-3016)

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An
attacker could use this to expose sensitive information.
(CVE-2020-2732)

It was discovered that the Afatech AF9005 DVB-T USB device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial
of service (kernel memory exhaustion). (CVE-2019-18809)

It was discovered that the Intel(R) XL710 Ethernet Controller device
driver in the Linux kernel did not properly deallocate memory in
certain error conditions. A local attacker could possibly use this to
cause a denial of service (kernel memory exhaustion). (CVE-2019-19043)

It was discovered that the RPMSG character device interface in the
Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial
of service (kernel memory exhaustion). (CVE-2019-19053)

It was discovered that the Marvell Wi-Fi device driver in the Linux
kernel did not properly deallocate memory in certain error conditions.
A local attacker could use this to possibly cause a denial of service
(kernel memory exhaustion). (CVE-2019-19056)

It was discovered that the Intel(R) Wi-Fi device driver in the Linux
kernel device driver in the Linux kernel did not properly deallocate
memory in certain error conditions. A local attacker could possibly
use this to cause a denial of service (kernel memory exhaustion).
(CVE-2019-19058, CVE-2019-19059)

It was discovered that the Serial Peripheral Interface (SPI) driver in
the Linux kernel device driver in the Linux kernel did not properly
deallocate memory in certain error conditions. A local attacker could
possibly use this to cause a denial of service (kernel memory
exhaustion). (CVE-2019-19064)

It was discovered that the Brocade BFA Fibre Channel device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial
of service (kernel memory exhaustion). (CVE-2019-19066)

It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. A local attacker could possibly use this to cause a denial
of service (kernel memory exhaustion). (CVE-2019-19068).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4300-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2732");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2019-18809", "CVE-2019-19043", "CVE-2019-19053", "CVE-2019-19056", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19064", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-3016", "CVE-2020-2732");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4300-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-1014-gcp", pkgver:"5.3.0-1014.15~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-1014-gke", pkgver:"5.3.0-1014.15~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-1019-raspi2", pkgver:"5.3.0-1019.21~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-42-generic", pkgver:"5.3.0-42.34~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-42-generic-lpae", pkgver:"5.3.0-42.34~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.3.0-42-lowlatency", pkgver:"5.3.0-42.34~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gcp-edge", pkgver:"5.3.0.1014.13")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-hwe-18.04", pkgver:"5.3.0.42.99")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae-hwe-18.04", pkgver:"5.3.0.42.99")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke-5.3", pkgver:"5.3.0.1014.4")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency-hwe-18.04", pkgver:"5.3.0.42.99")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-raspi2-hwe-18.04", pkgver:"5.3.0.1019.8")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon-hwe-18.04", pkgver:"5.3.0.42.99")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual-hwe-18.04", pkgver:"5.3.0.42.99")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1011-oracle", pkgver:"5.3.0-1011.12")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1012-kvm", pkgver:"5.3.0-1012.13")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1013-aws", pkgver:"5.3.0-1013.14")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1014-gcp", pkgver:"5.3.0-1014.15")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-1019-raspi2", pkgver:"5.3.0-1019.21")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-42-generic", pkgver:"5.3.0-42.34")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-42-generic-lpae", pkgver:"5.3.0-42.34")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-42-lowlatency", pkgver:"5.3.0-42.34")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-5.3.0-42-snapdragon", pkgver:"5.3.0-42.34")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-aws", pkgver:"5.3.0.1013.15")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-gcp", pkgver:"5.3.0.1014.15")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-generic", pkgver:"5.3.0.42.36")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-generic-lpae", pkgver:"5.3.0.42.36")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-gke", pkgver:"5.3.0.1014.15")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-kvm", pkgver:"5.3.0.1012.14")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-lowlatency", pkgver:"5.3.0.42.36")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-oracle", pkgver:"5.3.0.1011.12")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-raspi2", pkgver:"5.3.0.1019.16")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-snapdragon", pkgver:"5.3.0.42.36")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"linux-image-virtual", pkgver:"5.3.0.42.36")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.3-aws / linux-image-5.3-gcp / linux-image-5.3-generic / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2020-5526.
#

include("compat.inc");

if (description)
{
  script_id(133381);
  script_version("1.4");
  script_cvs_date("Date: 2020/02/12");

  script_cve_id("CVE-2019-3016");

  script_name(english:"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5526)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Description of changes:

[4.14.35-1902.10.4.el7uek]
- kvm: Don't reference vcpu->arch.st in arch-independent code (Boris Ostrovsky)  [Orabug: 30489861]
- kvm: fix compile on s390 part 2 (Christian Borntraeger)  [Orabug: 30489861]
- kvm: fix compilation on s390 (Paolo Bonzini)  [Orabug: 30489861]
- kvm: fix compilation on aarch64 (Paolo Bonzini)  [Orabug: 30489861]

[4.14.35-1902.10.3.el7uek]
- x86/KVM: Clean up host's steal time structure (Boris Ostrovsky)  [Orabug: 30489861]  {CVE-2019-3016} {CVE-2019-3016}
- x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Boris Ostrovsky)  [Orabug: 30489861]  {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Cache gfn to pfn translation (Boris Ostrovsky)  [Orabug: 30489861]  {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Introduce kvm_(un)map_gfn() (Boris Ostrovsky)  [Orabug: 30489861]  {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Boris Ostrovsky)  [Orabug: 30489861]  {CVE-2019-3016} {CVE-2019-3016}
- KVM: Properly check if 'page' is valid in kvm_vcpu_unmap (KarimAllah Ahmed)  [Orabug: 30489861]
- KVM: Introduce a new guest mapping API (KarimAllah Ahmed)  [Orabug: 30489861]
- KVM: x86: svm: make sure NMI is injected after nmi_singlestep (Vitaly Kuznetsov)  [Orabug: 30714532]"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2020-January/009565.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected unbreakable enterprise kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2019-3016");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2020-5526");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "4.14";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.14.35-1902.10.4.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.14.35-1902.10.4.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.14.35-1902.10.4.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.14.35-1902.10.4.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.14.35-1902.10.4.el7uek")) flag++;
if (rpm_exists(release:"EL7", rpm:"kernel-uek-tools-4.14.35") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-tools-4.14.35-1902.10.4.el7uek")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(135129);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");

  script_cve_id(
    "CVE-2019-11135",
    "CVE-2019-14895",
    "CVE-2019-14896",
    "CVE-2019-14897",
    "CVE-2019-19332",
    "CVE-2019-19338",
    "CVE-2019-19922",
    "CVE-2019-19947",
    "CVE-2019-20095",
    "CVE-2019-20096",
    "CVE-2019-3016",
    "CVE-2019-5108",
    "CVE-2020-8428",
    "CVE-2020-8647",
    "CVE-2020-8648",
    "CVE-2020-8649",
    "CVE-2020-9383"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - A heap-based buffer overflow was discovered in the
    Linux kernel's Marvell WiFi chip driver. The flaw could
    occur when the station attempts a connection
    negotiation during the handling of the remote devices
    country settings. This could allow the remote device to
    cause a denial of service (system crash) or possibly
    execute arbitrary code.(CVE-2019-14895)

  - A flaw was found in the fix for CVE-2019-11135, the way
    Intel CPUs handle speculative execution of instructions
    when a TSX Asynchronous Abort (TAA) error occurs. When
    a guest is running on a host CPU affected by the TAA
    flaw (TAA_NO=0), but is not affected by the MDS issue
    (MDS_NO=1), the guest was to clear the affected buffers
    by using a VERW instruction mechanism. But when the
    MDS_NO=1 bit was exported to the guests, the guests did
    not use the VERW mechanism to clear the affected
    buffers. This issue affects guests running on Cascade
    Lake CPUs and requires that host has 'TSX' enabled.
    Confidentiality of data is the highest threat
    associated with this vulnerability.(CVE-2019-19338)

  - A flaw was found in the way Intel CPUs handle
    speculative execution of instructions when the TSX
    Asynchronous Abort (TAA) error occurs. A local
    authenticated attacker with the ability to monitor
    execution times could infer the TSX memory state by
    comparing abort execution times. This could allow
    information disclosure via this observed side-channel
    for any TSX transaction being executed while an
    attacker is able to observe abort timing. Intel's
    Transactional Synchronisation Extensions (TSX) are set
    of instructions which enable transactional memory
    support to improve performance of the multi-threaded
    applications, in the lock-protected critical sections.
    The CPU executes instructions in the critical-sections
    as transactions, while ensuring their atomic state.
    When such transaction execution is unsuccessful, the
    processor cannot ensure atomic updates to the
    transaction memory, so the processor rolls back or
    aborts such transaction execution. While TSX
    Asynchronous Abort (TAA) is pending, CPU may continue
    to read data from architectural buffers and pass it to
    the dependent speculative operations. This may cause
    information leakage via speculative side-channel means,
    which is quite similar to the Microarchitectural Data
    Sampling (MDS) issue.(CVE-2019-11135)

  - An out-of-bounds memory write issue was found in the
    way the Linux kernel's KVM hypervisor handled the
    'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID
    features emulated by the KVM hypervisor. A user or
    process able to access the '/dev/kvm' device could use
    this flaw to crash the system, resulting in a denial of
    service.(CVE-2019-19332)

  - A flaw was found in the Linux kernel's scheduler, where
    it can allow attackers to cause a denial of service
    against non-CPU-bound applications by generating a
    workload that triggers unwanted scheduling slice
    expiration. A local attacker who can trigger a specific
    workload type could abuse this technique to trigger a
    system to be seen as degraded, and possibly trigger
    workload-rebalance in systems that use the
    slice-expiration metric as a measure of system
    health.(CVE-2019-19922)

  - A stack-based buffer overflow was found in the Linux
    kernel's Marvell WiFi chip driver. An attacker is able
    to cause a denial of service (system crash) or,
    possibly execute arbitrary code, when a STA works in
    IBSS mode (allows connecting stations together without
    the use of an AP) and connects to another
    STA.(CVE-2019-14897)

  - A heap-based buffer overflow vulnerability was found in
    the Linux kernel's Marvell WiFi chip driver. A remote
    attacker could cause a denial of service (system crash)
    or, possibly execute arbitrary code, when the
    lbs_ibss_join_existing function is called after a STA
    connects to an AP.(CVE-2019-14896)

  - A flaw was found in the Linux kernel in versions
    through 5.4.6, containing information leaks of
    uninitialized memory to a USB device. The latest
    findings show that the uninitialized memory allocation
    was not leading to an information leak, but was
    allocating the memory assigned with data on the next
    line and hence causing no violation..(CVE-2019-19947)

  - A flaw was found in the Linux kernel's implementation
    of the Datagram Congestion Control Protocol (DCCP). A
    local attacker with access to the system can create
    DCCP sockets to cause a memory leak and repeat this
    operation to exhaust all memory and panic the
    system.(CVE-2019-20096)

  - A flaw was found in the Linux kernel's mwifiex driver
    implementation when connecting to other WiFi devices in
    'Test Mode.' A kernel memory leak can occur if an error
    condition is met during the parameter negotiation. This
    issue can lead to a denial of service if multiple error
    conditions meeting the repeated connection attempts are
    attempted.(CVE-2019-20095)

  - A flaw was found in the Linux kernel's implementation
    of the WiFi station handoff code. An attacker within
    the radio range could use this flaw to deny a valid
    device from joining the access point.(CVE-2019-5108)

  - A flaw was found in the way Linux kernel's KVM
    hypervisor handled deferred TLB flush requests from
    guest. A race condition may occur between the guest
    issuing a deferred TLB flush request to KVM, and then
    KVM handling and acknowledging it. This may result in
    invalid address translations from TLB being used to
    access guest memory, leading to a potential information
    leakage issue. An attacker may use this flaw to access
    guest memory locations that it should not have access
    to.(CVE-2019-3016)

  - fs/namei.c in the Linux kernel before 5.5 has a
    may_create_in_sticky use-after-free, which allows local
    users to cause a denial of service (OOPS) or possibly
    obtain sensitive information from kernel memory, aka
    CID-d0cb50185ae9. One attack vector may be an open
    system call for a UNIX domain socket, if the socket is
    being moved to a new parent directory and its old
    parent directory is being removed.(CVE-2020-8428)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the n_tty_receive_buf_common
    function in drivers/tty/n_tty.c.(CVE-2020-8648)

  - An issue was discovered in the Linux kernel through
    5.5.6. set_fdc in drivers/block/floppy.c leads to a
    wait_til_ready out-of-bounds read because the FDC index
    is not checked for errors before assigning it, aka
    CID-2e90ca68b0d2.(CVE-2020-9383)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vgacon_invert_region
    function in
    drivers/video/console/vgacon.c.(CVE-2020-8649)

  - There is a use-after-free vulnerability in the Linux
    kernel through 5.5.2 in the vc_do_resize function in
    drivers/tty/vt/vt.c.(CVE-2020-8647)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1342
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ae277fb");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["kernel-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "kernel-devel-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "kernel-headers-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "kernel-tools-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "kernel-tools-libs-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "perf-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "python-perf-4.19.36-vhulk1907.1.0.h697.eulerosv2r8",
        "python3-perf-4.19.36-vhulk1907.1.0.h697.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}