RHSA-2019:2029

RHSA-2019:2043

https://source.android.com/security/bulletin/pixel/2018-09-01

USN-3932-1

USN-3932-2

The remote OracleVM system is missing necessary patches to address critical security updates :

  - ocfs2: subsystem.su_mutex is required while accessing     the item->ci_parent (alex chen) [Orabug: 29184589]     (CVE-2017-18216)

  - bcache: fix potential deadlock problem in     btree_gc_coalesce (Zhiqiang Liu) (CVE-2020-12771)

  - filldir[64]: remove WARN_ON_ONCE for bad directory     entries (Linus Torvalds) [Orabug: 31351271]     (CVE-2019-10220)

  - Make filldir[64] verify the directory entry filename is     valid (Linus Torvalds) [Orabug: 31351271]     (CVE-2019-10220)

  - ath9k: release allocated buffer if timed out (Navid     Emamdoost) [Orabug: 31351559] (CVE-2019-19074)

  - scsi: bfa: release allocated memory in case of error     (Navid Emamdoost) [Orabug: 31351615] (CVE-2019-19066)

  - rtlwifi: prevent memory leak in rtl_usb_probe (Navid     Emamdoost) [Orabug: 31351626] (CVE-2019-19063)

  - perf/core: Fix perf_event_open vs. execve race (Peter     Zijlstra) [Orabug: 31351766] (CVE-2019-3901)

  - l2tp: pass tunnel pointer to ->session_create (Guillaume     Nault) [Orabug: 31352004] (CVE-2018-9517)

  - net: bonding: add new option arp_allslaves for     arp_ip_target (Venkat Venkatsubra) [Orabug: 33039295]

  - Revert 'uek-rpm: mark /etc/ld.so.conf.d/ files as     %config' (aloktiw) [Orabug: 33359684]

  - ksplice: Fix build warning with ksplice_sysctls (John     Donnelly) [Orabug: 33365274]

  - kvm:vmx Fix build error in kvm/vmx.c (John Donnelly)     [Orabug: 33375485]

  - vmscan: Fix build error in mm/vmscan.c (John Donnelly)     [Orabug: 33375931]

  - constify iov_iter_count and iter_is_iovec (Al Viro)     [Orabug: 33381741]

  - fs/namespace.c: fix mountpoint reference counter race     (Piotr Krysiuk) [Orabug: 31350976] (CVE-2020-12114)     (CVE-2020-12114)

  - btrfs: only search for left_info if there is no     right_info in try_merge_free_space (Josef Bacik)     [Orabug: 31351025] (CVE-2019-19448) (CVE-2019-19448)

  - cfg80211: wext: avoid copying malformed SSIDs (Will     Deacon) [Orabug: 31351800] (CVE-2019-17133)

  - vhost_net: fix possible infinite loop (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900) (CVE-2019-3900)

  - vhost: introduce vhost_exceeds_weight (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900)

  - vhost_net: introduce vhost_exceeds_weight (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900)

  - vhost_net: use packet weight for rx handler, too (Paolo     Abeni) [Orabug: 31351950] (CVE-2019-3900)

  - vhost-net: set packet weight of tx polling to 2 * vq     size (haibinzhang(&#x5F20 &#x6D77 &#x658C )) [Orabug:
    31351950] (CVE-2019-3900)

  - mac80211: extend protection against mixed key and     fragment cache attacks (Wen Gong) [Orabug: 33009788]     (CVE-2020-24586) (CVE-2020-26139) (CVE-2020-24587)     (CVE-2020-24588) (CVE-2020-26139) (CVE-2020-26140)     (CVE-2020-26141) (CVE-2020-26142) (CVE-2020-26143)     (CVE-2020-26144) (CVE-2020-26145) (CVE-2020-26146)     (CVE-2020-26147) (CVE-2020-24586) (CVE-2020-24587)

  - mac80211: do not accept/forward invalid EAPOL frames     (Johannes Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: prevent attacks on TKIP/WEP as well (Johannes     Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: check defrag PN against current frame     (Johannes Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: add fragment cache to sta_info (Johannes Berg)     [Orabug: 33009788] (CVE-2020-24586) (CVE-2020-26139)     (CVE-2020-24587) (CVE-2020-24588) (CVE-2020-26139)     (CVE-2020-26140) (CVE-2020-26141) (CVE-2020-26142)     (CVE-2020-26143) (CVE-2020-26144) (CVE-2020-26145)     (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: drop A-MSDUs on old ciphers (Johannes Berg)     [Orabug: 33009788] (CVE-2020-24586) (CVE-2020-26139)     (CVE-2020-24587) (CVE-2020-24588) (CVE-2020-26139)     (CVE-2020-26140) (CVE-2020-26141) (CVE-2020-26142)     (CVE-2020-26143) (CVE-2020-26144) (CVE-2020-26145)     (CVE-2020-26146) (CVE-2020-26147) (CVE-2020-24588)

  - cfg80211: mitigate A-MSDU aggregation attacks (Mathy     Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-24588)

  - mac80211: properly handle A-MSDUs that start with an RFC     1042 header (Mathy Vanhoef) [Orabug: 33009788]     (CVE-2020-24586) (CVE-2020-26139) (CVE-2020-24587)     (CVE-2020-24588) (CVE-2020-26139) (CVE-2020-26140)     (CVE-2020-26141) (CVE-2020-26142) (CVE-2020-26143)     (CVE-2020-26144) (CVE-2020-26145) (CVE-2020-26146)     (CVE-2020-26147)

  - mac80211: prevent mixed key and fragment cache attacks     (Mathy Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-24587) (CVE-2020-24586)

  - mac80211: assure all fragments are encrypted (Mathy     Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-26147)

  - sctp: validate from_addr_param return (Marcelo Ricardo     Leitner) [Orabug: 33198409] (CVE-2021-3655)

  - virtio_console: Assure used length from device is     limited (Xie Yongji) [Orabug: 33209274] (CVE-2021-38160)

  - net_sched: cls_route: remove the right filter from     hashtable (Cong Wang) [Orabug: 33326887] (CVE-2021-3715)

  - HID: make arrays usage and value to be the same (Will     McVicker) [Orabug: 33326939] (CVE-2021-0512)

  - ext4: fix race writing to an inline_data file while its     xattrs are changing (Theodore Ts'o) [Orabug: 33327200]     (CVE-2021-40490)

  - x86/mm: Fix compiler warning in pageattr.c (John     Donnelly) [Orabug: 33332673]

  - security: Make inode argument of inode_getsecid     non-const (Andreas Gruenbacher) [Orabug: 33337179]

  - security: Make inode argument of inode_getsecurity     non-const (Andreas Gruenbacher) [Orabug: 33337179]

  - cfg80211: Define nla_policy for     NL80211_ATTR_LOCAL_MESH_POWER_MODE (Srinivas Dasari)     [Orabug: 31351335] (CVE-2017-11089)

  - ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug:
    32974989]

  - ocfs2: fix zero out valid data (Junxiao Bi) [Orabug:
    32974989]

  - ocfs2: fix data corruption by fallocate (Junxiao Bi)     [Orabug: 32974989]

  - l2tp: fix l2tp_eth module loading (Guillaume Nault)     [Orabug: 33114384] (CVE-2020-27067)

  - af_key: pfkey_dump needs parameter validation (Mark     Salyzyn) [Orabug: 33114539] (CVE-2021-0605)

  - af_key: Add lock to key dump (Yuejie Shi) [Orabug:
    33114539] (CVE-2021-0605)

  - Input: joydev - prevent use of not validated data in     JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114989]     (CVE-2021-3612)

  - Input: joydev - prevent potential read overflow in ioctl     (Dan Carpenter) [Orabug: 33114989] (CVE-2021-3612)

  - tracing: Fix bug in rb_per_cpu_empty that might cause     deadloop. (Haoran Luo) [Orabug: 33198437]     (CVE-2021-3679)

  - dtrace: Corrects - warning: assignment makes pointer     from integer without a cast (John Donnelly) [Orabug:
    33314947]

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9473 advisory.

  - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local     escalation of privilege with System execution privileges needed. User interaction is not needed for     exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)

  - A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
    As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it     is possible for the specified target task to perform an execve() syscall with setuid execution before     perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check     and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged     execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)

  - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the     Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka     CID-3f9361695113. (CVE-2019-19063)

  - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering     bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)

  - An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c     has a deadlock if a coalescing operation fails. (CVE-2020-12771)

  - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory     entry lists. (CVE-2019-10220)

  - In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of     service (NULL pointer dereference and BUG) because a required mutex is not used. (CVE-2017-18216)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3206-1 advisory.

  - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local     escalation of privilege with System execution privileges needed. User interaction is not needed for     exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)

  - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An     attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are     believed to be vulnerable. (CVE-2019-3874)

  - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster     than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the     vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)

  - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a     certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)

  - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from     kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects     the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)

  - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from     kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store     operation does not necessarily occur before a store operation that has an attacker-controlled value.
    (CVE-2021-35477)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when     processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested     guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to     enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest     would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak     of sensitive data or potential guest-to-host escape. (CVE-2021-3653) (CVE-2021-3656, CVE-2021-3732,     CVE-2021-3753)

  - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was     found in the way user uses trace ring buffer in a specific way. Only privileged local users (with     CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
    (CVE-2021-3679)

  - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss     can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:
    the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the     length validation was added solely for robustness in the face of anomalous host OS behavior.
    (CVE-2021-38160)

  - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access     permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)

  - drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to     cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain     situations. (CVE-2021-38204)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3217-1 advisory.

  - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local     escalation of privilege with System execution privileges needed. User interaction is not needed for     exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)

  - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An     attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are     believed to be vulnerable. (CVE-2019-3874)

  - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster     than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the     vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)

  - An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a     certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)

  - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from     kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects     the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)

  - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from     kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store     operation does not necessarily occur before a store operation that has an attacker-controlled value.
    (CVE-2021-35477)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when     processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested     guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to     enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest     would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak     of sensitive data or potential guest-to-host escape. (CVE-2021-3653) (CVE-2021-3656, CVE-2021-3732,     CVE-2021-3753)

  - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was     found in the way user uses trace ring buffer in a specific way. Only privileged local users (with     CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
    (CVE-2021-3679)

  - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss     can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:
    the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the     length validation was added solely for robustness in the face of anomalous host OS behavior.
    (CVE-2021-38160)

  - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access     permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)

  - drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to     cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain     situations. (CVE-2021-38204)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3192-1 advisory.

  - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local     escalation of privilege with System execution privileges needed. User interaction is not needed for     exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)

  - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An     attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are     believed to be vulnerable. (CVE-2019-3874)

  - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster     than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the     vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)

  - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

  - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when     processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested     guest (L2). Due to improper validation of the int_ctl field, this issue could allow a malicious L1 to     enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest     would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak     of sensitive data or potential guest-to-host escape. (CVE-2021-3653) (CVE-2021-3656, CVE-2021-3732,     CVE-2021-3753)

  - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was     found in the way user uses trace ring buffer in a specific way. Only privileged local users (with     CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
    (CVE-2021-3679)

  - ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss     can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE:
    the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the     length validation was added solely for robustness in the face of anomalous host OS behavior.
    (CVE-2021-38160)

  - arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access     permissions of a shadow page, leading to a missing guest protection page fault. (CVE-2021-38198)

  - drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to     cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain     situations. (CVE-2021-38204)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - mwifiex_cmd_802_11_ad_hoc_start in     drivers/net/wireless/marvell/mwifiex/join.c in the     Linux kernel through 5.10.4 might allow remote     attackers to execute arbitrary code via a long SSID     value, aka CID-5c455c5ab332.(CVE-2020-36158)

  - Incomplete cleanup from specific special register read     operations in some Intel(R) Processors may allow an     authenticated user to potentially enable information     disclosure via local access.(CVE-2020-0543)

  - An infinite loop issue was found in the vhost_net     kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in     handle_rx(). It could occur if one end sends packets     faster than the other end can process them. A guest     user, maybe remote one, could use this flaw to stall     the vhost_net kernel thread, resulting in a DoS     scenario.(CVE-2019-3900)

  - In pppol2tp_connect, there is possible memory     corruption due to a use after free. This could lead to     local escalation of privilege with System execution     privileges needed. User interaction is not needed for     exploitation. Product: Android. Versions: Android     kernel. Android ID: A-38159931.(CVE-2018-9517)

  - A flaw was found in the fix for CVE-2019-11135, in the     Linux upstream kernel versions before 5.5 where, the     way Intel CPUs handle speculative execution of     instructions when a TSX Asynchronous Abort (TAA) error     occurs. When a guest is running on a host CPU affected     by the TAA flaw (TAA_NO=0), but is not affected by the     MDS issue (MDS_NO=1), the guest was to clear the     affected buffers by using a VERW instruction mechanism.
    But when the MDS_NO=1 bit was exported to the guests,     the guests did not use the VERW mechanism to clear the     affected buffers. This issue affects guests running on     Cascade Lake CPUs and requires that host has 'TSX'     enabled. Confidentiality of data is the highest threat     associated with this vulnerability.(CVE-2019-19338)

  - There is a use-after-free in kernel versions before 5.5     due to a race condition between the release of     ptp_clock and cdev while resource deallocation. When a     (high privileged) process allocates a ptp device file     (like /dev/ptpX) and voluntarily goes to sleep. During     this time if the underlying device is removed, it can     cause an exploitable condition as the process wakes up     to terminate and clean all attached files. The system     crashes due to the cdev structure being invalid (as     already freed) which is pointed to by the     inode.(CVE-2020-10690)

  - Improper input validation in BlueZ may allow an     unauthenticated user to potentially enable escalation     of privilege via adjacent access.(CVE-2020-12351)

  - A flaw was found in the Linux kernels implementation of     MIDI, where an attacker with a local account and the     permissions to issue an ioctl commands to midi devices,     could trigger a use-after-free. A write to this     specific memory while freed and before use could cause     the flow of execution to change and possibly allow for     memory corruption or privilege     escalation.(CVE-2020-27786)

  - use-after-free read in sunkbd_reinit in     drivers/input/keyboard/sunkbd.c(CVE-2020-25669)

  - A flaw was found in the way RTAS handled memory     accesses in userspace to kernel communication. On a     locked down (usually due to Secure Boot) guest system     running on top of PowerVM or KVM hypervisors (pseries     platform) a root like local user could use this flaw to     further increase their privileges to that of a running     kernel.(CVE-2020-27777)

  - A locking inconsistency issue was discovered in the tty     subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may     allow a read-after-free attack against TIOCGSID, aka     CID-c8bcd9c5be24.(CVE-2020-29660)

  - A locking issue was discovered in the tty subsystem of     the Linux kernel through 5.9.13.
    drivers/tty/tty_jobctrl.c allows a use-after-free     attack against TIOCSPGRP, aka     CID-54ffccbf053b.(CVE-2020-29661)

  - An out-of-bounds memory write flaw was found in how the     Linux kernel's Voice Over IP H.323 connection tracking     functionality handled connections on ipv6 port 1720.
    This flaw allows an unauthenticated remote user to     crash the system, causing a denial of service. The     highest threat from this vulnerability is to     confidentiality, integrity, as well as system     availability.(CVE-2020-14305)

  - An issue was discovered in the Linux kernel before     5.2.6. On NUMA systems, the Linux fair scheduler has a     use-after-free in show_numa_stats() because NUMA fault     statistics are inappropriately freed, aka     CID-16d51a590a8c.(CVE-2019-20934)

  - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors     could allow a local user to obtain sensitive     information from the data in the L1 cache under     extenuating circumstances. IBM X-Force ID:
    189296.(CVE-2020-4788)

  - A flaw memory leak in the Linux kernel performance     monitoring subsystem was found in the way if using     PERF_EVENT_IOC_SET_FILTER. A local user could use this     flaw to starve the resources causing denial of     service.(CVE-2020-25704)

  - An issue was discovered in kmem_cache_alloc_bulk in     mm/slub.c in the Linux kernel before 5.5.11. The     slowpath lacks the required TID increment, aka     CID-fd4d9c7d0c71.(CVE-2020-29370)

  - A slab-out-of-bounds read in fbcon in the Linux kernel     before 5.9.7 could be used by local attackers to read     privileged information or potentially crash the kernel,     aka CID-3c4e0dff2095. This occurs because     KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for     manipulations such as font height.(CVE-2020-28974)

  - A buffer over-read (at the framebuffer layer) in the     fbcon code in the Linux kernel before 5.8.15 could be     used by local attackers to read kernel memory, aka     CID-6735b4632def.(CVE-2020-28915)

  - An issue was discovered in romfs_dev_read in     fs/romfs/storage.c in the Linux kernel before 5.8.4.
    Uninitialized memory leaks to userspace, aka     CID-bcf85fcedfdd.(CVE-2020-29371)

  - Use-after-free vulnerability in fs/block_dev.c in the     Linux kernel before 5.8 allows local users to gain     privileges or cause a denial of service by leveraging     improper access to a certain error     field.(CVE-2020-15436)

  - The Linux kernel before version 5.8 is vulnerable to a     NULL pointer dereference in     drivers/tty/serial/8250/8250_core.c:serial8250_isa_init
    _ports() that allows local users to cause a denial of     service by using the p->serial_in pointer which     uninitialized.(CVE-2020-15437)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New kernel packages are available for Slackware 14.2 to fix security issues.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities:

  - A flaw was found in the Linux kernel's NFS41+ subsystem.
    NFS41+ shares mounted in different network namespaces at     the same time can make bc_svc_process() use wrong back-     channel IDs and cause a use-after-free vulnerability.
    Thus a malicious container user can cause a host kernel     memory corruption and a system panic. Due to the nature     of the flaw, privilege escalation cannot be fully ruled     out. (CVE-2018-16884)

  - Insufficient input validation in Kernel Mode Driver in     Intel(R) i915 Graphics for Linux before version 5.0 may     allow an authenticated user to potentially enable     escalation of privilege via local access.
    (CVE-2019-11085)

  - A flaw was found in the Linux kernel's NFS     implementation, all versions 3.x and all versions 4.x up     to 4.20. An attacker, who is able to mount an exported     NFS filesystem, is able to trigger a null pointer     dereference by using an invalid NFS sequence. This can     panic the machine and deny access to the NFS server. Any     outstanding disk writes to the NFS server will be lost.
    (CVE-2018-16871)

  - An issue was discovered in the Linux kernel before     5.0.4. There is a use-after-free upon attempted read     access to /proc/ioports after the ipmi_si module is     removed, related to drivers/char/ipmi/ipmi_si_intf.c,     drivers/char/ipmi/ipmi_si_mem_io.c, and     drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

  - A flaw was found in the way Linux kernel KVM hypervisor     before 4.18 emulated instructions such as     sgdt/sidt/fxsave/fxrstor. It did not check current     privilege(CPL) level while emulating unprivileged     instructions. An unprivileged guest user/process could     use this flaw to potentially escalate privileges inside     guest. (CVE-2018-10853)

  - A flaw was found in the Linux Kernel where an attacker     may be able to have an uncontrolled read to kernel-     memory from within a vm guest. A race condition between     connect() and close() function may allow an attacker     using the AF_VSOCK protocol to gather a 4 byte     information leak or possibly intercept or corrupt     AF_VSOCK messages destined to other clients.
    (CVE-2018-14625)

  - drivers/infiniband/core/ucma.c in the Linux kernel     through 4.17.11 allows ucma_leave_multicast to access a     certain data structure after a cleanup step in     ucma_process_join, which allows attackers to cause a     denial of service (use-after-free). (CVE-2018-14734)

  - arch/x86/kernel/paravirt.c in the Linux kernel before     4.18.1 mishandles certain indirect calls, which makes it     easier for attackers to conduct Spectre-v2 attacks     against paravirtual guests. (CVE-2018-15594)

  - Since Linux kernel version 3.2, the mremap() syscall     performs TLB flushes after dropping pagetable locks. If     a syscall such as ftruncate() removes entries from the     pagetables of a task that is in the middle of mremap(),     a stale TLB entry can remain for a short time that     permits access to a physical page after it has been     released back to the page allocator and reused. This is     fixed in the following kernel versions: 4.9.135,     4.14.78, 4.18.16, 4.19. (CVE-2018-18281)

  - An issue was discovered in the Linux kernel before     4.18.7. In block/blk-core.c, there is an
    __blk_drain_queue() use-after-free because a certain     error case is mishandled. (CVE-2018-20856)

  - In the hidp_process_report in bluetooth, there is an     integer overflow. This could lead to an out of bounds     write with no additional execution privileges needed.
    User interaction is not needed for exploitation.
    Product: Android Versions: Android kernel Android ID:
    A-65853588 References: Upstream kernel. (CVE-2018-9363)

  - In pppol2tp_connect, there is possible memory corruption     due to a use after free. This could lead to local     escalation of privilege with System execution privileges     needed. User interaction is not needed for exploitation.
    Product: Android. Versions: Android kernel. Android ID:
    A-38159931. (CVE-2018-9517)

  - A flaw was found in the Linux kernel. A heap based     buffer overflow in mwifiex_uap_parse_tail_ies function     in drivers/net/wireless/marvell/mwifiex/ie.c might lead     to memory corruption and possibly other consequences.
    (CVE-2019-10126)

  - An information disclosure vulnerability exists when     certain central processing units (CPU) speculatively     access memory, aka 'Windows Kernel Information     Disclosure Vulnerability'. This CVE ID is unique from     CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)

  - The coredump implementation in the Linux kernel before     5.0.10 does not use locking or other mechanisms to     prevent vma layout or vma flags changes while it runs,     which allows local users to obtain sensitive     information, cause a denial of service, or possibly have     unspecified other impact by triggering a race condition     with mmget_not_zero or get_task_mm calls. This is     related to fs/userfaultfd.c, mm/mmap.c,     fs/proc/task_mmu.c, and     drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)

  - An issue was discovered in the Linux kernel before     5.0.7. A NULL pointer dereference can occur when     megasas_create_frame_pool() fails in     megasas_alloc_cmds() in     drivers/scsi/megaraid/megaraid_sas_base.c. This causes a     Denial of Service, related to a use-after-free.
    (CVE-2019-11810)

  - fs/ext4/extents.c in the Linux kernel through 5.1.2 does     not zero out the unused memory region in the extent tree     block, which might allow local users to obtain sensitive     information by reading uninitialized data in the     filesystem. (CVE-2019-11833)

  - An out-of-bounds access issue was found in the Linux     kernel, all versions through 5.3, in the way Linux     kernel's KVM hypervisor implements the Coalesced MMIO     write operation. It operates on an MMIO ring buffer     'struct kvm_coalesced_mmio' object, wherein write     indices 'ring->first' and 'ring->last' value could be     supplied by a host user-space process. An unprivileged     host user or process with access to '/dev/kvm' device     could use this flaw to crash the host kernel, resulting     in a denial of service or potentially escalating     privileges on the system. (CVE-2019-14821)

  - A buffer overflow flaw was found, in versions from     2.6.34 to 5.2.x, in the way Linux kernel's vhost     functionality that translates virtqueue buffers to IOVs,     logged the buffer descriptors during migration. A     privileged guest user able to pass descriptors with     invalid length to the host when migration is underway,     could use this flaw to increase their privileges on the     host. (CVE-2019-14835)

  - A heap address information leak while using     L2CAP_GET_CONF_OPT was discovered in the Linux kernel     before 5.1-rc1. (CVE-2019-3459)

  - A heap data infoleak in multiple locations including     L2CAP_PARSE_CONF_RSP was found in the Linux kernel     before 5.1-rc1. (CVE-2019-3460)

  - A flaw that allowed an attacker to corrupt memory and     possibly escalate privileges was found in the mwifiex     kernel module while connecting to a malicious wireless     network. (CVE-2019-3846)

  - A flaw was found in the Linux kernel's vfio interface     implementation that permits violation of the user's     locked memory limit. If a device is bound to a vfio     driver, such as vfio-pci, and the local attacker is     administratively granted ownership of the device, it may     cause a system memory exhaustion and thus a denial of     service (DoS). Versions 3.10, 4.14 and 4.18 are     vulnerable. (CVE-2019-3882)

  - An infinite loop issue was found in the vhost_net kernel     module in Linux Kernel up to and including v5.1-rc6,     while handling incoming packets in handle_rx(). It could     occur if one end sends packets faster than the other end     can process them. A guest user, maybe remote one, could     use this flaw to stall the vhost_net kernel thread,     resulting in a DoS scenario. (CVE-2019-3900)

  - The mincore() implementation in mm/mincore.c in the     Linux kernel through 4.19.13 allowed local attackers to     observe page cache access patterns of other processes on     the same system, potentially allowing sniffing of secret     information. (Fixing this affects the output of the     fincore program.) Limited remote exploitation may be     possible, as demonstrated by latency differences in     accessing public files from an Apache HTTP Server.
    (CVE-2019-5489)

  - The Bluetooth BR/EDR specification up to and including     version 5.1 permits sufficiently low encryption key     length and does not prevent an attacker from influencing     the key length negotiation. This allows practical brute-     force attacks (aka KNOB) that can decrypt traffic and     inject arbitrary ciphertext without the victim noticing.
    (CVE-2019-9506)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:

  - A flaw was found in the Linux kernel's NFS41+ subsystem.
    NFS41+ shares mounted in different network namespaces at     the same time can make bc_svc_process() use wrong back-     channel IDs and cause a use-after-free vulnerability.
    Thus a malicious container user can cause a host kernel     memory corruption and a system panic. Due to the nature     of the flaw, privilege escalation cannot be fully ruled     out. (CVE-2018-16884)

  - Insufficient input validation in Kernel Mode Driver in     Intel(R) i915 Graphics for Linux before version 5.0 may     allow an authenticated user to potentially enable     escalation of privilege via local access.
    (CVE-2019-11085)

  - A flaw was found in the Linux kernel's NFS     implementation, all versions 3.x and all versions 4.x up     to 4.20. An attacker, who is able to mount an exported     NFS filesystem, is able to trigger a null pointer     dereference by using an invalid NFS sequence. This can     panic the machine and deny access to the NFS server. Any     outstanding disk writes to the NFS server will be lost.
    (CVE-2018-16871)

  - An issue was discovered in the Linux kernel before     5.0.4. There is a use-after-free upon attempted read     access to /proc/ioports after the ipmi_si module is     removed, related to drivers/char/ipmi/ipmi_si_intf.c,     drivers/char/ipmi/ipmi_si_mem_io.c, and     drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

  - A flaw was found in the way Linux kernel KVM hypervisor     before 4.18 emulated instructions such as     sgdt/sidt/fxsave/fxrstor. It did not check current     privilege(CPL) level while emulating unprivileged     instructions. An unprivileged guest user/process could     use this flaw to potentially escalate privileges inside     guest. (CVE-2018-10853)

  - A flaw was found in the Linux Kernel where an attacker     may be able to have an uncontrolled read to kernel-     memory from within a vm guest. A race condition between     connect() and close() function may allow an attacker     using the AF_VSOCK protocol to gather a 4 byte     information leak or possibly intercept or corrupt     AF_VSOCK messages destined to other clients.
    (CVE-2018-14625)

  - drivers/infiniband/core/ucma.c in the Linux kernel     through 4.17.11 allows ucma_leave_multicast to access a     certain data structure after a cleanup step in     ucma_process_join, which allows attackers to cause a     denial of service (use-after-free). (CVE-2018-14734)

  - arch/x86/kernel/paravirt.c in the Linux kernel before     4.18.1 mishandles certain indirect calls, which makes it     easier for attackers to conduct Spectre-v2 attacks     against paravirtual guests. (CVE-2018-15594)

  - Since Linux kernel version 3.2, the mremap() syscall     performs TLB flushes after dropping pagetable locks. If     a syscall such as ftruncate() removes entries from the     pagetables of a task that is in the middle of mremap(),     a stale TLB entry can remain for a short time that     permits access to a physical page after it has been     released back to the page allocator and reused. This is     fixed in the following kernel versions: 4.9.135,     4.14.78, 4.18.16, 4.19. (CVE-2018-18281)

  - An issue was discovered in the Linux kernel before     4.18.7. In block/blk-core.c, there is an
    __blk_drain_queue() use-after-free because a certain     error case is mishandled. (CVE-2018-20856)

  - In the hidp_process_report in bluetooth, there is an     integer overflow. This could lead to an out of bounds     write with no additional execution privileges needed.
    User interaction is not needed for exploitation.
    Product: Android Versions: Android kernel Android ID:
    A-65853588 References: Upstream kernel. (CVE-2018-9363)

  - In pppol2tp_connect, there is possible memory corruption     due to a use after free. This could lead to local     escalation of privilege with System execution privileges     needed. User interaction is not needed for exploitation.
    Product: Android. Versions: Android kernel. Android ID:
    A-38159931. (CVE-2018-9517)

  - A flaw was found in the Linux kernel. A heap based     buffer overflow in mwifiex_uap_parse_tail_ies function     in drivers/net/wireless/marvell/mwifiex/ie.c might lead     to memory corruption and possibly other consequences.
    (CVE-2019-10126)

  - An information disclosure vulnerability exists when     certain central processing units (CPU) speculatively     access memory, aka 'Windows Kernel Information     Disclosure Vulnerability'. This CVE ID is unique from     CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)

  - The coredump implementation in the Linux kernel before     5.0.10 does not use locking or other mechanisms to     prevent vma layout or vma flags changes while it runs,     which allows local users to obtain sensitive     information, cause a denial of service, or possibly have     unspecified other impact by triggering a race condition     with mmget_not_zero or get_task_mm calls. This is     related to fs/userfaultfd.c, mm/mmap.c,     fs/proc/task_mmu.c, and     drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)

  - An issue was discovered in the Linux kernel before     5.0.7. A NULL pointer dereference can occur when     megasas_create_frame_pool() fails in     megasas_alloc_cmds() in     drivers/scsi/megaraid/megaraid_sas_base.c. This causes a     Denial of Service, related to a use-after-free.
    (CVE-2019-11810)

  - fs/ext4/extents.c in the Linux kernel through 5.1.2 does     not zero out the unused memory region in the extent tree     block, which might allow local users to obtain sensitive     information by reading uninitialized data in the     filesystem. (CVE-2019-11833)

  - An out-of-bounds access issue was found in the Linux     kernel, all versions through 5.3, in the way Linux     kernel's KVM hypervisor implements the Coalesced MMIO     write operation. It operates on an MMIO ring buffer     'struct kvm_coalesced_mmio' object, wherein write     indices 'ring->first' and 'ring->last' value could be     supplied by a host user-space process. An unprivileged     host user or process with access to '/dev/kvm' device     could use this flaw to crash the host kernel, resulting     in a denial of service or potentially escalating     privileges on the system. (CVE-2019-14821)

  - A buffer overflow flaw was found, in versions from     2.6.34 to 5.2.x, in the way Linux kernel's vhost     functionality that translates virtqueue buffers to IOVs,     logged the buffer descriptors during migration. A     privileged guest user able to pass descriptors with     invalid length to the host when migration is underway,     could use this flaw to increase their privileges on the     host. (CVE-2019-14835)

  - A heap address information leak while using     L2CAP_GET_CONF_OPT was discovered in the Linux kernel     before 5.1-rc1. (CVE-2019-3459)

  - A heap data infoleak in multiple locations including     L2CAP_PARSE_CONF_RSP was found in the Linux kernel     before 5.1-rc1. (CVE-2019-3460)

  - A flaw that allowed an attacker to corrupt memory and     possibly escalate privileges was found in the mwifiex     kernel module while connecting to a malicious wireless     network. (CVE-2019-3846)

  - A flaw was found in the Linux kernel's vfio interface     implementation that permits violation of the user's     locked memory limit. If a device is bound to a vfio     driver, such as vfio-pci, and the local attacker is     administratively granted ownership of the device, it may     cause a system memory exhaustion and thus a denial of     service (DoS). Versions 3.10, 4.14 and 4.18 are     vulnerable. (CVE-2019-3882)

  - An infinite loop issue was found in the vhost_net kernel     module in Linux Kernel up to and including v5.1-rc6,     while handling incoming packets in handle_rx(). It could     occur if one end sends packets faster than the other end     can process them. A guest user, maybe remote one, could     use this flaw to stall the vhost_net kernel thread,     resulting in a DoS scenario. (CVE-2019-3900)

  - The mincore() implementation in mm/mincore.c in the     Linux kernel through 4.19.13 allowed local attackers to     observe page cache access patterns of other processes on     the same system, potentially allowing sniffing of secret     information. (Fixing this affects the output of the     fincore program.) Limited remote exploitation may be     possible, as demonstrated by latency differences in     accessing public files from an Apache HTTP Server.
    (CVE-2019-5489)

  - The Bluetooth BR/EDR specification up to and including     version 5.1 permits sufficiently low encryption key     length and does not prevent an attacker from influencing     the key length negotiation. This allows practical brute-     force attacks (aka KNOB) that can decrypt traffic and     inject arbitrary ciphertext without the victim noticing.
    (CVE-2019-9506)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:

  - A flaw was found in the way Linux kernel KVM hypervisor     before 4.18 emulated instructions such as     sgdt/sidt/fxsave/fxrstor. It did not check current     privilege(CPL) level while emulating unprivileged     instructions. An unprivileged guest user/process could     use this flaw to potentially escalate privileges inside     guest. (CVE-2018-10853)

  - A flaw was found in the Linux Kernel where an attacker     may be able to have an uncontrolled read to kernel-     memory from within a vm guest. A race condition between     connect() and close() function may allow an attacker     using the AF_VSOCK protocol to gather a 4 byte     information leak or possibly intercept or corrupt     AF_VSOCK messages destined to other clients.
    (CVE-2018-14625)

  - drivers/infiniband/core/ucma.c in the Linux kernel     through 4.17.11 allows ucma_leave_multicast to access a     certain data structure after a cleanup step in     ucma_process_join, which allows attackers to cause a     denial of service (use-after-free). (CVE-2018-14734)

  - arch/x86/kernel/paravirt.c in the Linux kernel before     4.18.1 mishandles certain indirect calls, which makes it     easier for attackers to conduct Spectre-v2 attacks     against paravirtual guests. (CVE-2018-15594)

  - A flaw was found in the Linux kernel's NFS     implementation, all versions 3.x and all versions 4.x up     to 4.20. An attacker, who is able to mount an exported     NFS filesystem, is able to trigger a null pointer     dereference by using an invalid NFS sequence. This can     panic the machine and deny access to the NFS server. Any     outstanding disk writes to the NFS server will be lost.
    (CVE-2018-16871)

  - A flaw was found in the Linux kernel's NFS41+ subsystem.
    NFS41+ shares mounted in different network namespaces at     the same time can make bc_svc_process() use wrong back-     channel IDs and cause a use-after-free vulnerability.
    Thus a malicious container user can cause a host kernel     memory corruption and a system panic. Due to the nature     of the flaw, privilege escalation cannot be fully ruled     out. (CVE-2018-16884)

  - Since Linux kernel version 3.2, the mremap() syscall     performs TLB flushes after dropping pagetable locks. If     a syscall such as ftruncate() removes entries from the     pagetables of a task that is in the middle of mremap(),     a stale TLB entry can remain for a short time that     permits access to a physical page after it has been     released back to the page allocator and reused. This is     fixed in the following kernel versions: 4.9.135,     4.14.78, 4.18.16, 4.19. (CVE-2018-18281)

  - In the hidp_process_report in bluetooth, there is an     integer overflow. This could lead to an out of bounds     write with no additional execution privileges needed.
    User interaction is not needed for exploitation.
    Product: Android Versions: Android kernel Android ID:
    A-65853588 References: Upstream kernel. (CVE-2018-9363)

  - In pppol2tp_connect, there is possible memory corruption     due to a use after free. This could lead to local     escalation of privilege with System execution privileges     needed. User interaction is not needed for exploitation.
    Product: Android. Versions: Android kernel. Android ID:
    A-38159931. (CVE-2018-9517)

  - Insufficient input validation in Kernel Mode Driver in     Intel(R) i915 Graphics for Linux before version 5.0 may     allow an authenticated user to potentially enable     escalation of privilege via local access.
    (CVE-2019-11085)

  - The coredump implementation in the Linux kernel before     5.0.10 does not use locking or other mechanisms to     prevent vma layout or vma flags changes while it runs,     which allows local users to obtain sensitive     information, cause a denial of service, or possibly have     unspecified other impact by triggering a race condition     with mmget_not_zero or get_task_mm calls. This is     related to fs/userfaultfd.c, mm/mmap.c,     fs/proc/task_mmu.c, and     drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)

  - An issue was discovered in the Linux kernel before     5.0.7. A NULL pointer dereference can occur when     megasas_create_frame_pool() fails in     megasas_alloc_cmds() in     drivers/scsi/megaraid/megaraid_sas_base.c. This causes a     Denial of Service, related to a use-after-free.
    (CVE-2019-11810)

  - An issue was discovered in the Linux kernel before     5.0.4. There is a use-after-free upon attempted read     access to /proc/ioports after the ipmi_si module is     removed, related to drivers/char/ipmi/ipmi_si_intf.c,     drivers/char/ipmi/ipmi_si_mem_io.c, and     drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

  - fs/ext4/extents.c in the Linux kernel through 5.1.2 does     not zero out the unused memory region in the extent tree     block, which might allow local users to obtain sensitive     information by reading uninitialized data in the     filesystem. (CVE-2019-11833)

  - A heap address information leak while using     L2CAP_GET_CONF_OPT was discovered in the Linux kernel     before 5.1-rc1. (CVE-2019-3459)

  - A heap data infoleak in multiple locations including     L2CAP_PARSE_CONF_RSP was found in the Linux kernel     before 5.1-rc1. (CVE-2019-3460)

  - A flaw was found in the Linux kernel's vfio interface     implementation that permits violation of the user's     locked memory limit. If a device is bound to a vfio     driver, such as vfio-pci, and the local attacker is     administratively granted ownership of the device, it may     cause a system memory exhaustion and thus a denial of     service (DoS). Versions 3.10, 4.14 and 4.18 are     vulnerable. (CVE-2019-3882)

  - An infinite loop issue was found in the vhost_net kernel     module in Linux Kernel up to and including v5.1-rc6,     while handling incoming packets in handle_rx(). It could     occur if one end sends packets faster than the other end     can process them. A guest user, maybe remote one, could     use this flaw to stall the vhost_net kernel thread,     resulting in a DoS scenario. (CVE-2019-3900)

  - The mincore() implementation in mm/mincore.c in the     Linux kernel through 4.19.13 allowed local attackers to     observe page cache access patterns of other processes on     the same system, potentially allowing sniffing of secret     information. (Fixing this affects the output of the     fincore program.) Limited remote exploitation may be     possible, as demonstrated by latency differences in     accessing public files from an Apache HTTP Server.
    (CVE-2019-5489)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:

  - A flaw was found in the way Linux kernel KVM hypervisor     before 4.18 emulated instructions such as     sgdt/sidt/fxsave/fxrstor. It did not check current     privilege(CPL) level while emulating unprivileged     instructions. An unprivileged guest user/process could     use this flaw to potentially escalate privileges inside     guest. (CVE-2018-10853)

  - A flaw was found in the Linux Kernel where an attacker     may be able to have an uncontrolled read to kernel-     memory from within a vm guest. A race condition between     connect() and close() function may allow an attacker     using the AF_VSOCK protocol to gather a 4 byte     information leak or possibly intercept or corrupt     AF_VSOCK messages destined to other clients.
    (CVE-2018-14625)

  - drivers/infiniband/core/ucma.c in the Linux kernel     through 4.17.11 allows ucma_leave_multicast to access a     certain data structure after a cleanup step in     ucma_process_join, which allows attackers to cause a     denial of service (use-after-free). (CVE-2018-14734)

  - arch/x86/kernel/paravirt.c in the Linux kernel before     4.18.1 mishandles certain indirect calls, which makes it     easier for attackers to conduct Spectre-v2 attacks     against paravirtual guests. (CVE-2018-15594)

  - A flaw was found in the Linux kernel's NFS     implementation, all versions 3.x and all versions 4.x up     to 4.20. An attacker, who is able to mount an exported     NFS filesystem, is able to trigger a null pointer     dereference by using an invalid NFS sequence. This can     panic the machine and deny access to the NFS server. Any     outstanding disk writes to the NFS server will be lost.
    (CVE-2018-16871)

  - A flaw was found in the Linux kernel's NFS41+ subsystem.
    NFS41+ shares mounted in different network namespaces at     the same time can make bc_svc_process() use wrong back-     channel IDs and cause a use-after-free vulnerability.
    Thus a malicious container user can cause a host kernel     memory corruption and a system panic. Due to the nature     of the flaw, privilege escalation cannot be fully ruled     out. (CVE-2018-16884)

  - Since Linux kernel version 3.2, the mremap() syscall     performs TLB flushes after dropping pagetable locks. If     a syscall such as ftruncate() removes entries from the     pagetables of a task that is in the middle of mremap(),     a stale TLB entry can remain for a short time that     permits access to a physical page after it has been     released back to the page allocator and reused. This is     fixed in the following kernel versions: 4.9.135,     4.14.78, 4.18.16, 4.19. (CVE-2018-18281)

  - In the hidp_process_report in bluetooth, there is an     integer overflow. This could lead to an out of bounds     write with no additional execution privileges needed.
    User interaction is not needed for exploitation.
    Product: Android Versions: Android kernel Android ID:
    A-65853588 References: Upstream kernel. (CVE-2018-9363)

  - In pppol2tp_connect, there is possible memory corruption     due to a use after free. This could lead to local     escalation of privilege with System execution privileges     needed. User interaction is not needed for exploitation.
    Product: Android. Versions: Android kernel. Android ID:
    A-38159931. (CVE-2018-9517)

  - Insufficient input validation in Kernel Mode Driver in     Intel(R) i915 Graphics for Linux before version 5.0 may     allow an authenticated user to potentially enable     escalation of privilege via local access.
    (CVE-2019-11085)

  - The coredump implementation in the Linux kernel before     5.0.10 does not use locking or other mechanisms to     prevent vma layout or vma flags changes while it runs,     which allows local users to obtain sensitive     information, cause a denial of service, or possibly have     unspecified other impact by triggering a race condition     with mmget_not_zero or get_task_mm calls. This is     related to fs/userfaultfd.c, mm/mmap.c,     fs/proc/task_mmu.c, and     drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)

  - An issue was discovered in the Linux kernel before     5.0.7. A NULL pointer dereference can occur when     megasas_create_frame_pool() fails in     megasas_alloc_cmds() in     drivers/scsi/megaraid/megaraid_sas_base.c. This causes a     Denial of Service, related to a use-after-free.
    (CVE-2019-11810)

  - An issue was discovered in the Linux kernel before     5.0.4. There is a use-after-free upon attempted read     access to /proc/ioports after the ipmi_si module is     removed, related to drivers/char/ipmi/ipmi_si_intf.c,     drivers/char/ipmi/ipmi_si_mem_io.c, and     drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

  - fs/ext4/extents.c in the Linux kernel through 5.1.2 does     not zero out the unused memory region in the extent tree     block, which might allow local users to obtain sensitive     information by reading uninitialized data in the     filesystem. (CVE-2019-11833)

  - A heap address information leak while using     L2CAP_GET_CONF_OPT was discovered in the Linux kernel     before 5.1-rc1. (CVE-2019-3459)

  - A heap data infoleak in multiple locations including     L2CAP_PARSE_CONF_RSP was found in the Linux kernel     before 5.1-rc1. (CVE-2019-3460)

  - A flaw was found in the Linux kernel's vfio interface     implementation that permits violation of the user's     locked memory limit. If a device is bound to a vfio     driver, such as vfio-pci, and the local attacker is     administratively granted ownership of the device, it may     cause a system memory exhaustion and thus a denial of     service (DoS). Versions 3.10, 4.14 and 4.18 are     vulnerable. (CVE-2019-3882)

  - An infinite loop issue was found in the vhost_net kernel     module in Linux Kernel up to and including v5.1-rc6,     while handling incoming packets in handle_rx(). It could     occur if one end sends packets faster than the other end     can process them. A guest user, maybe remote one, could     use this flaw to stall the vhost_net kernel thread,     resulting in a DoS scenario. (CVE-2019-3900)

  - The mincore() implementation in mm/mincore.c in the     Linux kernel through 4.19.13 allowed local attackers to     observe page cache access patterns of other processes on     the same system, potentially allowing sniffing of secret     information. (Fixing this affects the output of the     fincore program.) Limited remote exploitation may be     possible, as demonstrated by latency differences in     accessing public files from an Apache HTTP Server.
    (CVE-2019-5489)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)

* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)

* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)

* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734)

* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755)

* kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)

* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516)

* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)

* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)

* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Security Fix(es) :

  - Kernel: vhost_net: infinite loop while receiving packets     leads to DoS (CVE-2019-3900)

  - Kernel: page cache side channel attacks (CVE-2019-5489)

  - kernel: Buffer overflow in hidp_process_report     (CVE-2018-9363)

  - kernel: l2tp: Race condition between     pppol2tp_session_create() and l2tp_eth_create()     (CVE-2018-9517)

  - kernel: kvm: guest userspace to guest kernel write     (CVE-2018-10853)

  - kernel: use-after-free Read in vhost_transport_send_pkt     (CVE-2018-14625)

  - kernel: use-after-free in ucma_leave_multicast in     drivers/infiniband/core/ucma.c (CVE-2018-14734)

  - kernel: Mishandling of indirect calls weakens Spectre     mitigation for paravirtual guests (CVE-2018-15594)

  - kernel: TLB flush happens too late on mremap     (CVE-2018-18281)

  - kernel: Heap address information leak while using     L2CAP_GET_CONF_OPT (CVE-2019-3459)

  - kernel: Heap address information leak while using     L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

  - kernel: denial of service vector through vfio DMA     mappings (CVE-2019-3882)

  - kernel: fix race condition between     mmget_not_zero()/get_task_mm() and core dumping     (CVE-2019-11599)

  - kernel: a NULL pointer dereference in     drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS     (CVE-2019-11810)

  - kernel: fs/ext4/extents.c leads to information     disclosure (CVE-2019-11833)

  - kernel: Information exposure in fd_locked_ioctl function     in drivers/block/floppy.c (CVE-2018-7755)

  - kernel: Memory leak in     drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl     () can lead to potential denial of service     (CVE-2018-8087)

  - kernel: HID: debug: Buffer overflow in     hid_debug_events_read() in drivers/hid/hid-debug.c     (CVE-2018-9516)

  - kernel: Integer overflow in the alarm_timer_nsleep     function (CVE-2018-13053)

  - kernel: NULL pointer dereference in lookup_slow function     (CVE-2018-13093)

  - kernel: NULL pointer dereference in xfs_da_shrink_inode     function (CVE-2018-13094)

  - kernel: NULL pointer dereference in     fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)

  - kernel: Information leak in cdrom_ioctl_drive_status     (CVE-2018-16658)

  - kernel: out-of-bound read in memcpy_fromiovecend()     (CVE-2018-16885)

  - Kernel: KVM: leak of uninitialized stack contents to     guest (CVE-2019-7222)

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es) :

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)

* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)

* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)

* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ ucma.c (CVE-2018-14734)

* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: Information exposure in fd_locked_ioctl function in drivers/block/ floppy.c (CVE-2018-7755)

* kernel: Memory leak in drivers/net/wireless/ mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)

* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/ hid/hid-debug.c (CVE-2018-9516)

* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)

* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)

* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

USN-3932-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616)

Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata.
An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
(CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)

Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)

It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code.
(CVE-2018-9517)

Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel.
An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)

Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)

Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221)

Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).
(CVE-2019-7222)

Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213)

Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)

Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a race condition existed in the f2fs file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18249)

Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13097, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616)

Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata.
An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
(CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)

Vasily Averin and Evgenii Shatokhin discovered that a use-after-free vulnerability existed in the NFS41+ subsystem when multiple network namespaces are in use. A local attacker in a container could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)

It was discovered that a use-after-free vulnerability existed in the PPP over L2TP implementation in the Linux kernel. A privileged local attacker could use this to possibly execute arbitrary code.
(CVE-2018-9517)

Shlomi Oberman, Yuli Shapiro, and Ran Menscher discovered an information leak in the Bluetooth implementation of the Linux kernel.
An attacker within Bluetooth range could use this to expose sensitive information (kernel memory). (CVE-2019-3459, CVE-2019-3460)

Jann Horn discovered that the KVM implementation in the Linux kernel contained a use-after-free vulnerability. An attacker in a guest VM with access to /dev/kvm could use this to cause a denial of service (guest VM crash). (CVE-2019-6974)

Jim Mattson and Felix Wilhelm discovered a use-after-free vulnerability in the KVM subsystem of the Linux kernel, when using nested virtual machines. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code in the host system. (CVE-2019-7221)

Felix Wilhelm discovered that an information leak vulnerability existed in the KVM subsystem of the Linux kernel, when nested virtualization is used. A local attacker could use this to expose sensitive information (host system memory to a guest VM).
(CVE-2019-7222)

Jann Horn discovered that the mmap implementation in the Linux kernel did not properly check for the mmap minimum address in some situations. A local attacker could use this to assist exploiting a kernel NULL pointer dereference vulnerability. (CVE-2019-9213)

Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)

Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
154016	OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035)	Nessus	OracleVM Local Security Checks	high
153964	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9473)	Nessus	Oracle Linux Local Security Checks	high
153625	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:3206-1)	Nessus	SuSE Local Security Checks	high
153616	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3217-1)	Nessus	SuSE Local Security Checks	high
153581	SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3192-1)	Nessus	SuSE Local Security Checks	high
148041	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)	Nessus	Huawei Local Security Checks	high
137391	Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)	Nessus	Slackware Local Security Checks	medium
132495	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)	Nessus	NewStart CGSL Local Security Checks	high
132474	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)	Nessus	NewStart CGSL Local Security Checks	high
129920	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)	Nessus	NewStart CGSL Local Security Checks	medium
129900	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)	Nessus	NewStart CGSL Local Security Checks	medium
128651	CentOS 7 : kernel (CESA-2019:2029)	Nessus	CentOS Local Security Checks	medium
128226	Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)	Nessus	Scientific Linux Local Security Checks	medium
127655	RHEL 7 : kernel-rt (RHSA-2019:2043)	Nessus	Red Hat Local Security Checks	medium
127650	RHEL 7 : kernel (RHSA-2019:2029)	Nessus	Red Hat Local Security Checks	medium
123681	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2)	Nessus	Ubuntu Local Security Checks	medium
123680	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1)	Nessus	Ubuntu Local Security Checks	medium

CVE-2018-9517

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

medium

high

high

medium

medium

medium

medium

medium

medium

medium

medium