Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2020-1465.NASLHistoryApr 14, 2020 - 12:00 a.m.
RHEL 7 : kernel (RHSA-2020:1465)
2020-04-1400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
129
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.6%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1465 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Slow console output with ast (Aspeed) graphics driver (BZ#1780146)
* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes (BZ#1781158)
* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1795648)
* System Crash on vport creation (NPIV on FCoE) (BZ#1796363)
* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory (BZ#1796430)
* [GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796434)
* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797966)
* port show-kabi to python3 (BZ#1806928)
* top shows super high loads when tuned profile realtime-virtual-host is applied (BZ#1808028)
Enhancement(s):
* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show' (BZ#1791594)
* [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1797503)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:1465. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(135457);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id("CVE-2019-17666", "CVE-2019-19338");
script_xref(name:"RHSA", value:"2020:1465");
script_name(english:"RHEL 7 : kernel (RHSA-2020:1465)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2020:1465 advisory.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain
upper-bound check, leading to a buffer overflow (CVE-2019-17666)
* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
(CVE-2019-19338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Slow console output with ast (Aspeed) graphics driver (BZ#1780146)
* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes (BZ#1781158)
* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1795648)
* System Crash on vport creation (NPIV on FCoE) (BZ#1796363)
* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory (BZ#1796430)
* [GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796434)
* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797966)
* port show-kabi to python3 (BZ#1806928)
* top shows super high loads when tuned profile realtime-virtual-host is applied (BZ#1808028)
Enhancement(s):
* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show' (BZ#1791594)
* [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1797503)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2020/rhsa-2020_1465.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7f8c38c");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1465");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1763690");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1781514");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120, 203);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/17");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:7.6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','7.6'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
rm_kb_item(name:'Host/uptrack-uname-r');
var cve_list = make_list('CVE-2019-17666', 'CVE-2019-19338');
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2020:1465');
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
var constraints = [
{
'repo_relative_urls': [
'content/aus/rhel/server/7/7.6/x86_64/debug',
'content/aus/rhel/server/7/7.6/x86_64/optional/debug',
'content/aus/rhel/server/7/7.6/x86_64/optional/os',
'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',
'content/aus/rhel/server/7/7.6/x86_64/os',
'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',
'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',
'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',
'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',
'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',
'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',
'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',
'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',
'content/e4s/rhel/power-le/7/7.6/ppc64le/os',
'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',
'content/e4s/rhel/server/7/7.6/x86_64/debug',
'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',
'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',
'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',
'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',
'content/e4s/rhel/server/7/7.6/x86_64/optional/os',
'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',
'content/e4s/rhel/server/7/7.6/x86_64/os',
'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',
'content/eus/rhel/computenode/7/7.6/x86_64/debug',
'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',
'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',
'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',
'content/eus/rhel/computenode/7/7.6/x86_64/os',
'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',
'content/eus/rhel/power-le/7/7.6/ppc64le/debug',
'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',
'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',
'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',
'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',
'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',
'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',
'content/eus/rhel/power-le/7/7.6/ppc64le/os',
'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',
'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',
'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',
'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',
'content/eus/rhel/power/7/7.6/ppc64/debug',
'content/eus/rhel/power/7/7.6/ppc64/optional/debug',
'content/eus/rhel/power/7/7.6/ppc64/optional/os',
'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',
'content/eus/rhel/power/7/7.6/ppc64/os',
'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/debug',
'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',
'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',
'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/optional/debug',
'content/eus/rhel/server/7/7.6/x86_64/optional/os',
'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/os',
'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',
'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',
'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',
'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',
'content/eus/rhel/system-z/7/7.6/s390x/debug',
'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',
'content/eus/rhel/system-z/7/7.6/s390x/optional/os',
'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',
'content/eus/rhel/system-z/7/7.6/s390x/os',
'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',
'content/tus/rhel/server/7/7.6/x86_64/debug',
'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',
'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',
'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',
'content/tus/rhel/server/7/7.6/x86_64/optional/debug',
'content/tus/rhel/server/7/7.6/x86_64/optional/os',
'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',
'content/tus/rhel/server/7/7.6/x86_64/os',
'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'bpftool-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
},
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhv-mgmt-agent/4/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhv-mgmt-agent/4/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/rhel/power-le/7/7.3/ppc64le/rhev-mgmt-agent/3/debug',
'content/dist/rhel/power-le/7/7.3/ppc64le/rhev-mgmt-agent/3/os',
'content/dist/rhel/power-le/7/7.3/ppc64le/rhev-mgmt-agent/3/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-mgmt-agent/3/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-mgmt-agent/3/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-mgmt-agent/3/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-tools/3/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-tools/3/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhev-tools/3/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-mgmt-agent/4/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-mgmt-agent/4/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-tools/4/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-tools/4/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhv-tools/4/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/rhev-tools/3/debug',
'content/dist/rhel/power/7/7Server/ppc64/rhev-tools/3/os',
'content/dist/rhel/power/7/7Server/ppc64/rhev-tools/3/source/SRPMS',
'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/debug',
'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/os',
'content/dist/rhel/server/7/7.3/x86_64/rhev-mgmt-agent/3/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/os',
'content/dist/rhel/server/7/7Server/x86_64/rhev-mgmt-agent/3/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhevh/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhevh/os',
'content/dist/rhel/server/7/7Server/x86_64/rhevh/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/os',
'content/dist/rhel/server/7/7Server/x86_64/rhv-manager-tools/4/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/os',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4.3/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/os',
'content/dist/rhel/server/7/7Server/x86_64/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/os',
'content/dist/rhel/server/7/7Server/x86_64/rhv-tools/4/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/os',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4.3/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/os',
'content/dist/rhel/server/7/7Server/x86_64/rhvh-build/4/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/os',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4.3/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/os',
'content/dist/rhel/server/7/7Server/x86_64/rhvh/4/source/SRPMS'
],
'pkgs': [
{'reference':'bpftool-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-devel-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-957.48.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-bootwrapper / kernel-debug / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | bpftool | p-cpe:/a:redhat:enterprise_linux:bpftool |
| redhat | rhel_eus | 7.6 | cpe:/o:redhat:rhel_eus:7.6 |
| redhat | enterprise_linux | kernel-headers | p-cpe:/a:redhat:enterprise_linux:kernel-headers |
| redhat | enterprise_linux | kernel-tools | p-cpe:/a:redhat:enterprise_linux:kernel-tools |
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | kernel-devel | p-cpe:/a:redhat:enterprise_linux:kernel-devel |
| redhat | enterprise_linux | kernel-tools-libs-devel | p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel |
| redhat | enterprise_linux | kernel-debug-devel | p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel |
| redhat | enterprise_linux | kernel-kdump | p-cpe:/a:redhat:enterprise_linux:kernel-kdump |
| redhat | enterprise_linux | kernel-bootwrapper | p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
www.nessus.org/u?c7f8c38c
access.redhat.com/errata/RHSA-2020:1465
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1763690
bugzilla.redhat.com/show_bug.cgi?id=1781514
Related
redhat
redhat
(RHSA-2020:1465) Important: kernel security, bug fix, and enhancement update
2020-04-14 14:34:17
(RHSA-2020:0839) Important: kernel-rt security and bug fix update
2020-03-17 13:09:52
(RHSA-2020:0834) Important: kernel security, bug fix, and enhancement update
2020-03-17 13:09:43
nessus
nessus
Oracle Linux 7 : kernel (ELSA-2020-0834)
2020-03-19 00:00:00
RHEL 7 : kernel (RHSA-2020:0834)
2020-03-18 00:00:00
RHEL 7 : kernel-rt (RHSA-2020:0839)
2020-03-23 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2020:0839)
2020-03-26 00:00:00
Mageia: Security Advisory (MGASA-2019-0306)
2022-01-28 00:00:00
Fedora Update for kernel-tools FEDORA-2019-6a67ff8793
2020-01-09 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2020-03-18 19:22:23
kernel, perf, python security update
2020-04-28 00:28:59
qemu security update
2020-02-06 00:20:07
cve
cve
veracode
veracode
Information Disclosure
2020-02-11 00:29:27
Information Disclosure
2019-11-13 00:20:00
nvd
nvd
redhatcve
redhatcve
f5
f5
K84933088 : Linux kernel vulnerability CVE-2019-19338
2022-05-20 00:00:00
K56851402 : Linux kernel vulnerability CVE-2019-17666
2020-09-11 00:00:00
K02912734 : Intel CPU vulnerability CVE-2019-11135
2019-11-15 00:00:00
cvelist
cvelist
debiancve
debiancve
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2020-07-13 17:15:00
Buffer overflow
2019-10-17 02:15:00
Design/Logic Flaw
2019-11-14 19:15:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2020-03-18 00:00:00
Unbreakable Enterprise kernel security update
2019-11-12 00:00:00
Unbreakable Enterprise kernel security update
2019-11-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-19338 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
symantec
symantec
Linux Kernel CVE-2019-17666 Buffer Overflow Vulnerability
2019-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: kernel-tools-5.3.7-300.fc31
2019-10-24 17:10:10
[SECURITY] Fedora 31 Update: kernel-5.3.7-301.fc31
2019-10-24 17:10:09
archlinux
archlinux
[ASA-201911-12] linux-zen: arbitrary code execution
2019-11-13 00:00:00
[ASA-201911-10] linux: arbitrary code execution
2019-11-13 00:00:00
[ASA-201911-11] linux-lts: arbitrary code execution
2019-11-13 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-10-29 17:54:30
almalinux
almalinux
Moderate: virt:rhel security update
2020-01-29 13:42:54
thn
thn
New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs
2019-11-13 15:46:00
ubuntu
ubuntu
Linux kernel vulnerability
2019-11-13 00:00:00
Linux kernel vulnerability
2019-11-13 00:00:00
Intel Microcode regression
2019-12-04 00:00:00
osv
osv
CVE-2019-11135
2019-11-14 19:15:13
Moderate: virt:rhel security update
2020-01-29 13:42:54
Moderate: virt:rhel security update
2020-01-29 13:42:54
photon
photon
ibm
ibm
xen
xen
TSX Asynchronous Abort speculative side channel
2019-11-12 17:53:00
intel
intel
2019.2 IPU – TSX Asynchronous Abort Advisory
2021-05-11 00:00:00
rocky
rocky
virt:rhel security update
2020-01-29 13:42:54
mscve
mscve
Windows Kernel Information Disclosure Vulnerability
2019-11-12 08:00:00
alpinelinux
alpinelinux
CVE-2019-11135
2019-11-14 19:15:13
threatpost
threatpost
Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
2019-10-18 15:55:37
debian
debian
[SECURITY] [DLA 2051-1] intel-microcode security update
2019-12-30 22:33:18
[SECURITY] [DSA 4565-1] intel-microcode security update
2019-11-13 06:05:34
[SECURITY] [DSA 4565-2] intel-microcode security update
2019-12-13 20:15:51
citrix
citrix
Citrix Hypervisor Security Update
2019-11-12 05:00:00
vmware
vmware
amazon
amazon
Medium: microcode_ctl, kernel
2019-11-14 20:06:00
Medium: microcode_ctl, kernel
2019-11-14 20:01:00
suse
suse
Security update for ucode-intel (important)
2019-11-14 00:00:00
Security update for ucode-intel (important)
2019-11-18 00:00:00
Security update for ucode-intel (important)
2019-11-18 00:00:00
cloudfoundry
cloudfoundry
USN-4182-3: Intel Microcode regression | Cloud Foundry
2019-12-18 00:00:00
mskb
mskb
November 12, 2019—KB4525245 (OS Build 15063.2172)
2019-11-12 00:00:00
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.6%
Related for REDHAT-RHSA-2020-1465.NASL