Vulnerabilities > CVE-2019-6974 - Use After Free vulnerability in multiple products

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
linux
debian
canonical
f5
redhat
CWE-416
nessus
exploit available

Summary

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Vulnerable Configurations

Part Description Count
OS
Linux
1421
OS
Debian
1
OS
Canonical
5
OS
Redhat
10
Application
F5
413
Application
Redhat
1

Common Weakness Enumeration (CWE)

Exploit-Db

fileexploits/linux/dos/46388.txt
idEDB-ID:46388
last seen2019-02-15
modified2019-02-15
platformlinux
port
published2019-02-15
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46388
titleLinux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
typedos

Nessus

  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL11186236.NASL
    descriptionIn the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974) Impact BIG-IP An attacker may use this vulnerability to cause a vCMP guest to crash,resulting in a denial-of-service orgain privileged access to the vCMP hypervisor host system. This vulnerability affects only hardware platforms that are vCMP-capable and are provisioned for vCMP. For a list of vCMP capable hardware platforms, refer to K14088: vCMP host and compatible guest version matrix. BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC There is no impact; these F5 products are not affected by this vulnerability.
    last seen2020-05-03
    modified2019-12-31
    plugin id132554
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132554
    titleF5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K11186236)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K11186236.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132554);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id("CVE-2019-6974");
    
      script_name(english:"F5 Networks BIG-IP : Linux kernel KVM subsystem vulnerability (K11186236)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in
    virt/kvm/kvm_main.c mishandles reference counting because of a race
    condition, leading to a use-after-free. (CVE-2019-6974)
    
    Impact
    
    BIG-IP
    
    An attacker may use this vulnerability to cause a vCMP guest to
    crash,resulting in a denial-of-service orgain privileged access to the
    vCMP hypervisor host system. This vulnerability affects only hardware
    platforms that are vCMP-capable and are provisioned for vCMP. For a
    list of vCMP capable hardware platforms, refer to K14088: vCMP host
    and compatible guest version matrix.
    
    BIG-IQ, Enterprise Manager, F5 iWorkflow, Traffix SDC
    
    There is no impact; these F5 products are not affected by this
    vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K11186236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K14088"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K11186236."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K11186236";
    vmatrix = make_array();
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["AFM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["AM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["APM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["ASM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["AVR"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["GTM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["LC"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["LTM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["PEM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("15.0.0-15.0.1","14.0.0-14.1.2","13.0.0-13.1.3");
    vmatrix["WAM"]["unaffected"] = make_list("15.1.0","14.1.2.4","13.1.3.2");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0077_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. (CVE-2017-15121) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127285
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127285
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0077)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0077. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127285);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id(
        "CVE-2017-7294",
        "CVE-2017-15121",
        "CVE-2017-15126",
        "CVE-2019-6974",
        "CVE-2019-7221"
      );
      script_bugtraq_id(107127, 107294);
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0077)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by
    multiple vulnerabilities:
    
      - A non-privileged user is able to mount a fuse filesystem
        on RHEL 6 or 7 and crash a system if an application
        punches a hole in a file that does not end aligned to a
        page boundary. (CVE-2017-15121)
    
      - A flaw was found in the Linux kernel's handling of fork
        failure when dealing with event messages in the
        userfaultfd code. Failure to fork correctly can create a
        fork event that will be removed from an already freed
        list of events. (CVE-2017-15126)
    
      - An out-of-bounds write vulnerability was found in the
        Linux kernel's vmw_surface_define_ioctl() function, in
        the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due
        to the nature of the flaw, privilege escalation cannot
        be fully ruled out, although we believe it is unlikely.
        (CVE-2017-7294)
    
      - A use-after-free vulnerability was found in the way the
        Linux kernel's KVM hypervisor implements its device
        control API. While creating a device via
        kvm_ioctl_create_device(), the device holds a reference
        to a VM object, later this reference is transferred to
        the caller's file descriptor table. If such file
        descriptor was to be closed, reference count to the VM
        object could become zero, potentially leading to a use-
        after-free issue. A user/process could use this flaw to
        crash the guest VM resulting in a denial of service
        issue or, potentially, gain privileged access to a
        system. (CVE-2019-6974)
    
      - A use-after-free vulnerability was found in the way the
        Linux kernel's KVM hypervisor emulates a preemption
        timer for L2 guests when nested (=1) virtualization is
        enabled. This high resolution timer(hrtimer) runs when a
        L2 guest is active. After VM exit, the sync_vmcs12()
        timer object is stopped. The use-after-free occurs if
        the timer object is freed before calling sync_vmcs12()
        routine. A guest user/process could use this flaw to
        crash the host kernel resulting in a denial of service
        or, potentially, gain privileged access to a system.
        (CVE-2019-7221)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0077");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15126");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "kernel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-core-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "perf-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "python-perf-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite",
        "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.331.gfd9c070.lite"
      ],
      "CGSL MAIN 5.04": [
        "kernel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "perf-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "python-perf-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133",
        "python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.13.328.gaf0e133"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0818.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514) * xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281) * Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821) * [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179) * RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214) * [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215) * [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216) * RFC: Regression with -fstack-check in
    last seen2020-06-01
    modified2020-06-02
    plugin id124416
    published2019-05-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124416
    titleCentOS 7 : kernel (CESA-2019:0818)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:0818 and 
    # CentOS Errata and Security Advisory 2019:0818 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124416);
      script_version("1.5");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2019-6974", "CVE-2019-7221");
      script_xref(name:"RHSA", value:"2019:0818");
    
      script_name(english:"CentOS 7 : kernel (CESA-2019:0818)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
    (CVE-2019-6974)
    
    * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of
    the preemption timer (CVE-2019-7221)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * rbd: avoid corruption on partially completed bios [rhel-7.6.z]
    (BZ#1672514)
    
    * xfs_vm_writepages deadly embrace between kworker and user task.
    [rhel-7.6.z] (BZ#1673281)
    
    * Offload Connections always get vlan priority 0 [rhel-7.6.z]
    (BZ#1673821)
    
    * [NOKIA] RHEL sends flood of Neighbour Solicitations under specific
    conditions [rhel-7.6.z] (BZ#1677179)
    
    * RHEL 7.6 - Host crash occurred on NVMe/IB system while running
    controller reset [rhel-7.6.z] (BZ#1678214)
    
    * [rhel7] raid0 md workqueue deadlock with stacked md devices
    [rhel-7.6.z] (BZ#1678215)
    
    * [PureStorage7.6]nvme disconnect following an unsuccessful Admin
    queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)
    
    * RFC: Regression with -fstack-check in 'backport upstream large stack
    guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)
    
    * [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after
    ifdown/ifup [rhel-7.6.z] (BZ#1679997)
    
    * rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]
    (BZ#1683078)
    
    * ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)
    
    * high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing
    qrouter fail-over [rhel-7.6.z] (BZ#1683093)
    
    * Openshift node drops outgoing POD traffic due to NAT hashtable race
    in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)
    
    * [Backport] [v3,2/2] net: igmp: Allow user-space configuration of
    igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)
    
    * [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter
    [rhel-7.6.z] (BZ#1687487)
    
    * The number of unsolict report about IGMP is incorrect [rhel-7.6.z]
    (BZ# 1688225)
    
    * RDT driver causing failure to boot on AMD Rome system with more than
    255 CPUs [rhel-7.6.z] (BZ#1689120)
    
    * mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)
    
    * rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#
    1690323)
    
    Users of kernel are advised to upgrade to these updated packages,
    which fix these bugs."
      );
      # https://lists.centos.org/pipermail/centos-announce/2019-April/023278.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7a8db01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6974");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bpftool-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-957.12.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-957.12.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3931-1.NASL
    descriptionM. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123678
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123678
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3931-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123678);
      script_version("1.6");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2018-14678", "CVE-2018-18021", "CVE-2018-19824", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213");
      script_xref(name:"USN", value:"3931-1");
    
      script_name(english:"Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not
    properly set up all arguments to an error handler callback used when
    running as a paravirtualized guest. An unprivileged attacker in a
    paravirtualized guest VM could use this to cause a denial of service
    (guest VM crash). (CVE-2018-14678)
    
    It was discovered that the KVM implementation in the Linux kernel on
    ARM 64bit processors did not properly handle some ioctls. An attacker
    with the privilege to create KVM-based virtual machines could use this
    to cause a denial of service (host system crash) or execute arbitrary
    code in the host. (CVE-2018-18021)
    
    Mathias Payer and Hui Peng discovered a use-after-free vulnerability
    in the Advanced Linux Sound Architecture (ALSA) subsystem. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2018-19824)
    
    Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an
    information leak in the Bluetooth implementation of the Linux kernel.
    An attacker within Bluetooth range could use this to expose sensitive
    information (kernel memory). (CVE-2019-3459, CVE-2019-3460)
    
    Jann Horn discovered that the KVM implementation in the Linux kernel
    contained a use-after-free vulnerability. An attacker in a guest VM
    with access to /dev/kvm could use this to cause a denial of service
    (guest VM crash). (CVE-2019-6974)
    
    Jim Mattson and Felix Wilhelm discovered a use-after-free
    vulnerability in the KVM subsystem of the Linux kernel, when using
    nested virtual machines. A local attacker in a guest VM could use this
    to cause a denial of service (system crash) or possibly execute
    arbitrary code in the host system. (CVE-2019-7221)
    
    Felix Wilhelm discovered that an information leak vulnerability
    existed in the KVM subsystem of the Linux kernel, when nested
    virtualization is used. A local attacker could use this to expose
    sensitive information (host system memory to a guest VM).
    (CVE-2019-7222)
    
    Jann Horn discovered that the eBPF implementation in the Linux kernel
    was insufficiently hardened against Spectre V1 attacks. A local
    attacker could use this to expose sensitive information.
    (CVE-2019-7308)
    
    It was discovered that a use-after-free vulnerability existed in the
    user- space API for crypto (af_alg) implementation in the Linux
    kernel. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-8912)
    
    It was discovered that the Linux kernel did not properly deallocate
    memory when handling certain errors while reading files. A local
    attacker could use this to cause a denial of service (excessive memory
    consumption). (CVE-2019-8980)
    
    Jann Horn discovered that the mmap implementation in the Linux kernel
    did not properly check for the mmap minimum address in some
    situations. A local attacker could use this to assist exploiting a
    kernel NULL pointer dereference vulnerability. (CVE-2019-9213).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3931-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8912");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-14678", "CVE-2018-18021", "CVE-2018-19824", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3931-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1010-oracle", pkgver:"4.15.0-1010.12")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1029-gcp", pkgver:"4.15.0-1029.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1031-kvm", pkgver:"4.15.0-1031.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1033-raspi2", pkgver:"4.15.0-1033.35")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1035-aws", pkgver:"4.15.0-1035.37")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1035-oem", pkgver:"4.15.0-1035.40")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-47-generic", pkgver:"4.15.0-47.50")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-47-generic-lpae", pkgver:"4.15.0-47.50")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-47-lowlatency", pkgver:"4.15.0-47.50")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-47-snapdragon", pkgver:"4.15.0-47.50")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1035.34")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gcp", pkgver:"4.15.0.1029.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic", pkgver:"4.15.0.47.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae", pkgver:"4.15.0.47.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke", pkgver:"4.15.0.1029.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-kvm", pkgver:"4.15.0.1031.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency", pkgver:"4.15.0.47.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-oem", pkgver:"4.15.0.1035.40")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-oracle", pkgver:"4.15.0.1010.13")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-raspi2", pkgver:"4.15.0.1033.31")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon", pkgver:"4.15.0.47.49")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual", pkgver:"4.15.0.47.49")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-4.15-gcp / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4612.NASL
    descriptionDescription of changes: [4.14.35-1844.4.5.el7uek] - x86/apic/x2apic: set back affinity of a single interrupt to one cpu (Mridula Shastry) [Orabug: 29510342] [4.14.35-1844.4.4.el7uek] - ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) [Orabug: 29598590] - swiotlb: checking whether swiotlb buffer is full with io_tlb_used (Dongli Zhang) [Orabug: 29587097] - swiotlb: add debugfs to track swiotlb buffer usage (Dongli Zhang) [Orabug: 29587097] - swiotlb: fix comment on swiotlb_bounce() (Dongli Zhang) [Orabug: 29587097] - scsi: target: add device product id and revision configfs attributes (Alan Adamson) [Orabug: 29344881] - scsi: target: remove hardcoded T10 Vendor ID in INQUIRY response (David Disseldorp) [Orabug: 29344881] - scsi: target: add device vendor_id configfs attribute (David Disseldorp) [Orabug: 29344881] - scsi: target: consistently null-terminate t10_wwn strings (David Disseldorp) [Orabug: 29344881] - scsi: target: use consistent left-aligned ASCII INQUIRY data (David Disseldorp) [Orabug: 29344881] - x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug: 29526400] - drm/amdkfd: fix amdkfd use-after-free GP fault (Randy Dunlap) [Orabug: 29534199] [4.14.35-1844.4.3.el7uek] - can: gw: ensure DLC boundaries after CAN frame modification (Oliver Hartkopp) [Orabug: 29215297] {CVE-2019-3701} {CVE-2019-3701} [4.14.35-1844.4.2.el7uek] - x86/speculation: Clean up enhanced IBRS checks in bugs.c (Alejandro Jimenez) [Orabug: 29423796] - x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423796] - kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423796] - exec: Fix mem leak in kernel_read_file (YueHaibing) [Orabug: 29454858] {CVE-2019-8980} - net: crypto set sk to NULL when af_alg_release. (Mao Wenan) [Orabug: 29454874] {CVE-2019-8912} - {net, IB}/mlx5: Raise fatal IB event when sys error occurs (Daniel Jurgens) [Orabug: 29479744] - net/mlx5e: Avoid query PPCNT register if not supported by the device (Eyal Davidovich) [Orabug: 29479795] - mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501977] {CVE-2019-9213} - [UEK-5] IB/mlx5_core: Use kzalloc when allocating PD (Erez Alfasi) [Orabug: 29479806] - IB/mlx5: Change debugfs to have per port contents (Parav Pandit) [Orabug: 29486784] - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id124048
    published2019-04-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124048
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0901-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host
    last seen2020-06-01
    modified2020-06-02
    plugin id123927
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123927
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0683-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_73 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123061
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123061
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0683-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0765-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123413
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123413
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1165.NASL
    descriptionA use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id122602
    published2019-03-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122602
    titleAmazon Linux AMI : kernel (ALAS-2019-1165)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-046.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system. - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system. - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133455
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133455
    titleVirtuozzo 7 : readykernel-patch (VZA-2019-046)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0709-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_98 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123066
    published2019-03-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123066
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0709-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1771.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-14625 A use-after-free bug was found in the vhost driver for the Virtual Socket protocol. If this driver is used to communicate with a malicious virtual machine guest, the guest could read sensitive information from the host kernel. CVE-2018-16884 A flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation. This can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian. CVE-2018-19824 Hui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation. CVE-2018-19985 Hui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash). CVE-2018-20169 Hui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation. CVE-2018-1000026 It was discovered that Linux could forward aggregated network packets with a segmentation size too large for the output device. In the specific case of Broadcom NetXtremeII 10Gb adapters, this would result in a denial of service (firmware crash). This update adds a mitigation to the bnx2x driver for this hardware. CVE-2019-3459, CVE-2019-3460 Shlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team discovered missing range checks in the Bluetooth L2CAP implementation. If Bluetooth is enabled, a nearby attacker could use these to read sensitive information from the kernel. CVE-2019-3701 Muyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact. CVE-2019-3819 A potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service. This interface is only accessible to root by default, which fully mitigates the issue. CVE-2019-6974 Jann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-7221 Jim Mattson and Felix Wilhelm reported a user-after-free bug in KVM
    last seen2020-06-01
    modified2020-06-02
    plugin id124595
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124595
    titleDebian DLA-1771-1 : linux-4.9 security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3930-1.NASL
    descriptionMathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003) Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123676
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123676
    titleUbuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0828-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. (bnc#1107829). CVE-2019-7221: The KVM implementation in the Linux kernel had a Use-after-Free (bnc#1124732). CVE-2019-7222: The KVM implementation in the Linux kernel had an Information Leak (bnc#1124735). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, which led to a use-after-free (bnc#1124728). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123635
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123635
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0541-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728) CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732). CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host
    last seen2020-06-01
    modified2020-06-02
    plugin id122609
    published2019-03-05
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122609
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3930-2.NASL
    descriptionUSN-3930-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) Jakub Jirasek discovered a use-after-free vulnerability in the SCTP implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8956) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) It was discovered that a use-after-free vulnerability existed in the IPMI implementation in the Linux kernel. A local attacker with access to the IPMI character device files could use this to cause a denial of service (system crash). (CVE-2019-9003) Jann Horn discovered that the SNMP NAT implementation in the Linux kernel performed insufficient ASN.1 length checks. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-9162) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123677
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123677
    titleUbuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0722-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123125
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123125
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0722-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0833.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673) * kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417) Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
    last seen2020-06-01
    modified2020-06-02
    plugin id124259
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124259
    titleRHEL 7 : kernel-rt (RHSA-2019:0833)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1255.NASL
    descriptionAccording to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-04-04
    plugin id123723
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123723
    titleEulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1255)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1450.NASL
    descriptionAccording to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.(CVE-2016-3713) - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630) - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.(CVE-2017-2583) - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584) - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (i1/4z1024) index value.(CVE-2017-1000252) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor
    last seen2020-03-19
    modified2019-05-14
    plugin id124953
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124953
    titleEulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-045.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system. - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system. - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133454
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133454
    titleVirtuozzo 7 : readykernel-patch (VZA-2019-045)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190423_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) - Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) Bug Fix(es) : - rbd: avoid corruption on partially completed bios [rhel-7.6.z] - xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] - Offload Connections always get vlan priority 0 [rhel-7.6.z] - [NOKIA] SL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] - SL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] - [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] - [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] - RFC: Regression with -fstack-check in
    last seen2020-03-18
    modified2019-04-25
    plugin id124290
    published2019-04-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124290
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190423)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0076_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. (CVE-2017-15121) - A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127283
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127283
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0076)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1289-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331) CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel. For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736 The following security bugs were fixed: CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010). CVE-2017-1000407: By flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021). CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674). CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240). CVE-2017-7472: The KEYS subsystem allowed local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls (bnc#1034862). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target
    last seen2020-06-01
    modified2020-06-02
    plugin id125283
    published2019-05-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125283
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3967.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) * kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * A cluster node has multiple hung
    last seen2020-06-01
    modified2020-06-02
    plugin id131375
    published2019-11-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131375
    titleRHEL 7 : kernel (RHSA-2019:3967)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0672-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed : CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734). CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729). CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker might have caused a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bsc#1103098). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123000
    published2019-03-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123000
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0672-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1731.NASL
    descriptionThe linux update issued as DLA-1731-1 caused a regression in the vmxnet3 (VMware virtual network adapter) driver. This update corrects that regression, and an earlier regression in the CIFS network filesystem implementation introduced in DLA-1422-1. For reference the original advisory text follows. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10741 A race condition was discovered in XFS that would result in a crash (BUG). A local user permitted to write to an XFS volume could use this for denial of service. CVE-2017-5753 Further instances of code that was vulnerable to Spectre variant 1 (bounds-check bypass) have been mitigated. CVE-2017-13305 A memory over-read was discovered in the keys subsystem
    last seen2020-06-01
    modified2020-06-02
    plugin id123420
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123420
    titleDebian DLA-1731-2 : linux regression update (Spectre)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-169-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126031
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126031
    titleSlackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0085_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127301
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127301
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0085)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0784-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123496
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123496
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1531.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.(CVE-2013-4343i1/4%0 - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042i1/4%0 - A flaw was found in the Linux kernel that fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. This allows local users to cause a denial of service by modifying a certain e_cpos field.(CVE-2017-18224i1/4%0 - The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075i1/4%0 - In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412i1/4%0 - A race condition flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124984
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124984
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1531)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0086_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub- operations. These sub-operations allow the processor to hand-off address generation logic into these sub- operations for optimized writes. Both of these sub- operations write to a shared distributed processor structure called the
    last seen2020-06-01
    modified2020-06-02
    plugin id127302
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127302
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3DA64F3E61.NASL
    descriptionThe 4.20.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122278
    published2019-02-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122278
    titleFedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-042.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in the way KVM implements its device control API. When a device is created via kvm_ioctl_create_device(), it holds a reference to a VM object. This reference is transferred to file descriptor table of the caller. If such file descriptor was closed, reference count to the VM object could become zero, which could lead to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service or, potentially, gain privileged access to a system. - A use-after-free vulnerability was found in the way KVM emulates a preemption timer for L2 guests when nested virtualization is enabled. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system. - It was discovered that a certain sequence of operations related to IPv4 routing could trigger a kernel memory leak. An attacker could potentially exploit that from a container to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133453
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133453
    titleVirtuozzo 7 : readykernel-patch (VZA-2019-042)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0767-1.NASL
    descriptionThe SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues. The following security bugs were fixed : CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179). CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016). CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209). CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (
    last seen2020-06-01
    modified2020-06-02
    plugin id123445
    published2019-03-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123445
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2809.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * Kernel: page cache side channel attacks (CVE-2019-5489) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967) * [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534) * RHEL-Alt-7.6 - powerpc/pseries: Fix uninitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ #1673613) * RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979) * RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ# 1710304) * kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127) * RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836) * RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ# 1717906) * fragmented packets timing out (BZ#1729066) * Backport TCP follow-up for small buffers (BZ#1733617) Enhancement(s) : * RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
    last seen2020-06-01
    modified2020-06-02
    plugin id129145
    published2019-09-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129145
    titleRHEL 7 : kernel-alt (RHSA-2019:2809)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1076.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial of service.(CVE-2018-14641) - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.(CVE-2018-5391) - The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. (CVE-2018-7740) - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-03-08
    plugin id122699
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122699
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0818.NASL
    descriptionFrom Red Hat Security Advisory 2019:0818 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514) * xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281) * Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821) * [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179) * RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214) * [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215) * [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216) * RFC: Regression with -fstack-check in
    last seen2020-06-01
    modified2020-06-02
    plugin id124254
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124254
    titleOracle Linux 7 : kernel (ELSA-2019-0818)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0103.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853) * kernel: TLB flush happens too late on mremap (CVE-2018-18281) * kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * guest softlockup in mem_cgroup_reparent_charges with 800GB guests (BZ# 1770111) * [RHEL7.7] Refined TSC clocksource calibration occasionally fails on some SkyLake-X servers (BZ#1775682)
    last seen2020-06-01
    modified2020-06-02
    plugin id132886
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132886
    titleRHEL 7 : kernel (RHSA-2020:0103)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0818.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514) * xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281) * Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821) * [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179) * RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214) * [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215) * [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216) * RFC: Regression with -fstack-check in
    last seen2020-06-01
    modified2020-06-02
    plugin id124256
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124256
    titleRHEL 7 : kernel (RHSA-2019:0818)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-164946AA7F.NASL
    descriptionThe 4.20.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122275
    published2019-02-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122275
    titleFedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-203.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-3459,CVE-2019-3460: Two information leaks in the bluetooth stack were fixed. (bnc#1120758). - CVE-2019-7221: A use-after-free in the KVM nVMX hrtimer was fixed. (bnc#1124732). - CVE-2019-7222: A information leak in exception handling in KVM could be used to expose host memory to guests. (bnc#1124735). - CVE-2019-6974: A use-after-free in the KVM device control API was fixed. (bnc#1124728). - CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971). The following non-security bugs were fixed : - 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510). - 9p: clear dangling pointers in p9stat_free (bsc#1051510). - 9p locks: fix glock.client_id leak in do_lock (bsc#1051510). - 9p/net: put a lower bound on msize (bsc#1051510). - acpi/nfit: Block function zero DSMs (bsc#1051510). - acpi, nfit: Fix Address Range Scrub completion tracking (bsc#1124969). - acpi/nfit: Fix command-supported detection (bsc#1051510). - acpi/nfit: Fix race accessing memdev in nfit_get_smbios_id() (bsc#1122662). - acpi/nfit: Fix user-initiated ARS to be
    last seen2020-06-01
    modified2020-06-02
    plugin id122303
    published2019-02-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122303
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-203)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1372.NASL
    descriptionAccording to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124750
    published2019-05-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124750
    titleEulerOS Virtualization 2.5.4 : kvm (EulerOS-SA-2019-1372)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1165.NASL
    descriptionA use-after-free vulnerability was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id122671
    published2019-03-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122671
    titleAmazon Linux 2 : kernel (ALAS-2019-1165)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3933-1.NASL
    descriptionIt was discovered that an information leak vulnerability existed in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could possibly expose sensitive information (kernel memory). (CVE-2017-1000410) It was discovered that the USB serial device driver in the Linux kernel did not properly validate baud rate settings when debugging is enabled. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18360) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123682
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123682
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3932-2.NASL
    descriptionUSN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id123681
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123681
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3932-1.NASL
    descriptionIt was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884) It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code. (CVE-2018-9517) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id123680
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123680
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3931-2.NASL
    descriptionUSN-3931-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure kernel for Ubuntu 14.04 LTS. M. Vefa Bicakci and Andy Lutomirski discovered that the kernel did not properly set up all arguments to an error handler callback used when running as a paravirtualized guest. An unprivileged attacker in a paravirtualized guest VM could use this to cause a denial of service (guest VM crash). (CVE-2018-14678) It was discovered that the KVM implementation in the Linux kernel on ARM 64bit processors did not properly handle some ioctls. An attacker with the privilege to create KVM-based virtual machines could use this to cause a denial of service (host system crash) or execute arbitrary code in the host. (CVE-2018-18021) Mathias Payer and Hui Peng discovered a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) subsystem. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19824) Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel. An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460) Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974) Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221) Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM). (CVE-2019-7222) Jann Horn discovered that the eBPF implementation in the Linux kernel was insufficiently hardened against Spectre V1 attacks. A local attacker could use this to expose sensitive information. (CVE-2019-7308) It was discovered that a use-after-free vulnerability existed in the user- space API for crypto (af_alg) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-8912) It was discovered that the Linux kernel did not properly deallocate memory when handling certain errors while reading files. A local attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2019-8980) Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123679
    published2019-04-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123679
    titleUbuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle (USN-3931-2)

Redhat

advisories
  • rhsa
    idRHBA-2019:0959
  • rhsa
    idRHSA-2019:0818
  • rhsa
    idRHSA-2019:0833
  • rhsa
    idRHSA-2019:2809
  • rhsa
    idRHSA-2019:3967
  • rhsa
    idRHSA-2020:0103
rpms
  • bpftool-0:3.10.0-957.12.1.el7
  • kernel-0:3.10.0-957.12.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.12.1.el7
  • kernel-bootwrapper-0:3.10.0-957.12.1.el7
  • kernel-debug-0:3.10.0-957.12.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.12.1.el7
  • kernel-debug-devel-0:3.10.0-957.12.1.el7
  • kernel-debuginfo-0:3.10.0-957.12.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.12.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.12.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.12.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.12.1.el7
  • kernel-devel-0:3.10.0-957.12.1.el7
  • kernel-doc-0:3.10.0-957.12.1.el7
  • kernel-headers-0:3.10.0-957.12.1.el7
  • kernel-kdump-0:3.10.0-957.12.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.12.1.el7
  • kernel-kdump-devel-0:3.10.0-957.12.1.el7
  • kernel-tools-0:3.10.0-957.12.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.12.1.el7
  • kernel-tools-libs-0:3.10.0-957.12.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.12.1.el7
  • perf-0:3.10.0-957.12.1.el7
  • perf-debuginfo-0:3.10.0-957.12.1.el7
  • python-perf-0:3.10.0-957.12.1.el7
  • python-perf-debuginfo-0:3.10.0-957.12.1.el7
  • kernel-rt-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debug-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debug-devel-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-devel-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-doc-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-kvm-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-trace-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-trace-devel-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.12.1.rt56.927.el7
  • kernel-0:4.14.0-115.12.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.12.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.12.1.el7a
  • kernel-debug-0:4.14.0-115.12.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-debug-devel-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.12.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.12.1.el7a
  • kernel-devel-0:4.14.0-115.12.1.el7a
  • kernel-doc-0:4.14.0-115.12.1.el7a
  • kernel-headers-0:4.14.0-115.12.1.el7a
  • kernel-kdump-0:4.14.0-115.12.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.12.1.el7a
  • kernel-tools-0:4.14.0-115.12.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-tools-libs-0:4.14.0-115.12.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.12.1.el7a
  • perf-0:4.14.0-115.12.1.el7a
  • perf-debuginfo-0:4.14.0-115.12.1.el7a
  • python-perf-0:4.14.0-115.12.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.12.1.el7a
  • kernel-0:3.10.0-862.44.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.44.2.el7
  • kernel-bootwrapper-0:3.10.0-862.44.2.el7
  • kernel-debug-0:3.10.0-862.44.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debug-devel-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.44.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.44.2.el7
  • kernel-devel-0:3.10.0-862.44.2.el7
  • kernel-doc-0:3.10.0-862.44.2.el7
  • kernel-headers-0:3.10.0-862.44.2.el7
  • kernel-kdump-0:3.10.0-862.44.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-kdump-devel-0:3.10.0-862.44.2.el7
  • kernel-tools-0:3.10.0-862.44.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-0:3.10.0-862.44.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.44.2.el7
  • perf-0:3.10.0-862.44.2.el7
  • perf-debuginfo-0:3.10.0-862.44.2.el7
  • python-perf-0:3.10.0-862.44.2.el7
  • python-perf-debuginfo-0:3.10.0-862.44.2.el7
  • kernel-0:3.10.0-693.62.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.62.1.el7
  • kernel-bootwrapper-0:3.10.0-693.62.1.el7
  • kernel-debug-0:3.10.0-693.62.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.62.1.el7
  • kernel-debug-devel-0:3.10.0-693.62.1.el7
  • kernel-debuginfo-0:3.10.0-693.62.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.62.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.62.1.el7
  • kernel-devel-0:3.10.0-693.62.1.el7
  • kernel-doc-0:3.10.0-693.62.1.el7
  • kernel-headers-0:3.10.0-693.62.1.el7
  • kernel-tools-0:3.10.0-693.62.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.62.1.el7
  • kernel-tools-libs-0:3.10.0-693.62.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.62.1.el7
  • perf-0:3.10.0-693.62.1.el7
  • perf-debuginfo-0:3.10.0-693.62.1.el7
  • python-perf-0:3.10.0-693.62.1.el7
  • python-perf-debuginfo-0:3.10.0-693.62.1.el7

References