ID CVE-2018-5390
Summary Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:virtualization:4.0
    cpe:2.3:a:redhat:virtualization:4.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
  • Red Hat Enterprise Linux Server AUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7
  • Red Hat Enterprise Linux Server EUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Linux Kernel 4.9
    cpe:2.3:o:linux:linux_kernel:4.9
  • Linux Kernel 4.9 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.9:rc1
  • Linux Kernel 4.9 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.9:rc2
  • Linux Kernel 4.9 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.9:rc3
  • Linux Kernel 4.9 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.9:rc4
  • Linux Kernel 4.9 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.9:rc5
  • Linux Kernel 4.9 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.9:rc6
  • Linux Kernel 4.9 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:4.9:rc7
  • Linux Kernel 4.9 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:4.9:rc8
  • Linux Kernel 4.9.1
    cpe:2.3:o:linux:linux_kernel:4.9.1
  • Linux Kernel 4.9.2
    cpe:2.3:o:linux:linux_kernel:4.9.2
  • Linux Kernel 4.9.3
    cpe:2.3:o:linux:linux_kernel:4.9.3
  • Linux Kernel 4.9.4
    cpe:2.3:o:linux:linux_kernel:4.9.4
  • Linux Kernel 4.9.5
    cpe:2.3:o:linux:linux_kernel:4.9.5
  • Linux Kernel 4.9.6
    cpe:2.3:o:linux:linux_kernel:4.9.6
  • Linux Kernel 4.9.7
    cpe:2.3:o:linux:linux_kernel:4.9.7
  • Linux Kernel 4.9.8
    cpe:2.3:o:linux:linux_kernel:4.9.8
  • Linux Kernel 4.9.9
    cpe:2.3:o:linux:linux_kernel:4.9.9
  • Linux Kernel 4.9.10
    cpe:2.3:o:linux:linux_kernel:4.9.10
  • Linux Kernel 4.9.11
    cpe:2.3:o:linux:linux_kernel:4.9.11
  • Linux Kernel 4.9.12
    cpe:2.3:o:linux:linux_kernel:4.9.12
  • Linux Kernel 4.9.13
    cpe:2.3:o:linux:linux_kernel:4.9.13
  • Linux Kernel 4.9.14
    cpe:2.3:o:linux:linux_kernel:4.9.14
  • Linux Kernel 4.9.15
    cpe:2.3:o:linux:linux_kernel:4.9.15
  • Linux Kernel 4.9.16
    cpe:2.3:o:linux:linux_kernel:4.9.16
  • Linux Kernel 4.9.17
    cpe:2.3:o:linux:linux_kernel:4.9.17
  • Linux Kernel 4.9.18
    cpe:2.3:o:linux:linux_kernel:4.9.18
  • Linux Kernel 4.9.19
    cpe:2.3:o:linux:linux_kernel:4.9.19
  • Linux Kernel 4.9.20
    cpe:2.3:o:linux:linux_kernel:4.9.20
  • Linux Kernel 4.9.21
    cpe:2.3:o:linux:linux_kernel:4.9.21
  • Linux Kernel 4.9.22
    cpe:2.3:o:linux:linux_kernel:4.9.22
  • Linux Kernel 4.9.23
    cpe:2.3:o:linux:linux_kernel:4.9.23
  • Linux Kernel 4.9.24
    cpe:2.3:o:linux:linux_kernel:4.9.24
  • Linux Kernel 4.9.25
    cpe:2.3:o:linux:linux_kernel:4.9.25
  • Linux Kernel 4.9.26
    cpe:2.3:o:linux:linux_kernel:4.9.26
  • Linux Kernel 4.9.27
    cpe:2.3:o:linux:linux_kernel:4.9.27
  • Linux Kernel 4.9.28
    cpe:2.3:o:linux:linux_kernel:4.9.28
  • Linux Kernel 4.9.29
    cpe:2.3:o:linux:linux_kernel:4.9.29
  • Linux Kernel 4.9.30
    cpe:2.3:o:linux:linux_kernel:4.9.30
  • Linux Kernel 4.9.31
    cpe:2.3:o:linux:linux_kernel:4.9.31
  • Linux Kernel 4.9.32
    cpe:2.3:o:linux:linux_kernel:4.9.32
  • Linux Kernel 4.9.33
    cpe:2.3:o:linux:linux_kernel:4.9.33
  • Linux Kernel 4.9.34
    cpe:2.3:o:linux:linux_kernel:4.9.34
  • Linux Kernel 4.9.35
    cpe:2.3:o:linux:linux_kernel:4.9.35
  • Linux Kernel 4.9.36
    cpe:2.3:o:linux:linux_kernel:4.9.36
  • Linux Kernel 4.9.37
    cpe:2.3:o:linux:linux_kernel:4.9.37
  • Linux Kernel 4.9.38
    cpe:2.3:o:linux:linux_kernel:4.9.38
  • Linux Kernel 4.9.39
    cpe:2.3:o:linux:linux_kernel:4.9.39
  • Linux Kernel 4.9.40
    cpe:2.3:o:linux:linux_kernel:4.9.40
  • Linux Kernel 4.9.41
    cpe:2.3:o:linux:linux_kernel:4.9.41
  • Linux Kernel 4.9.42
    cpe:2.3:o:linux:linux_kernel:4.9.42
  • Linux Kernel 4.9.43
    cpe:2.3:o:linux:linux_kernel:4.9.43
  • Linux Kernel 4.9.44
    cpe:2.3:o:linux:linux_kernel:4.9.44
  • Linux Kernel 4.9.45
    cpe:2.3:o:linux:linux_kernel:4.9.45
  • Linux Kernel 4.9.46
    cpe:2.3:o:linux:linux_kernel:4.9.46
  • Linux Kernel 4.9.47
    cpe:2.3:o:linux:linux_kernel:4.9.47
  • Linux Kernel 4.9.48
    cpe:2.3:o:linux:linux_kernel:4.9.48
  • Linux Kernel 4.9.49
    cpe:2.3:o:linux:linux_kernel:4.9.49
  • Linux Kernel 4.9.50
    cpe:2.3:o:linux:linux_kernel:4.9.50
  • Linux Kernel 4.9.51
    cpe:2.3:o:linux:linux_kernel:4.9.51
  • Linux Kernel 4.9.52
    cpe:2.3:o:linux:linux_kernel:4.9.52
  • Linux Kernel 4.9.53
    cpe:2.3:o:linux:linux_kernel:4.9.53
  • Linux Kernel 4.9.54
    cpe:2.3:o:linux:linux_kernel:4.9.54
  • Linux Kernel 4.9.55
    cpe:2.3:o:linux:linux_kernel:4.9.55
  • Linux Kernel 4.9.56
    cpe:2.3:o:linux:linux_kernel:4.9.56
  • Linux Kernel 4.9.57
    cpe:2.3:o:linux:linux_kernel:4.9.57
  • Linux Kernel 4.9.58
    cpe:2.3:o:linux:linux_kernel:4.9.58
  • Linux Kernel 4.9.59
    cpe:2.3:o:linux:linux_kernel:4.9.59
  • Linux Kernel 4.9.60
    cpe:2.3:o:linux:linux_kernel:4.9.60
  • Linux Kernel 4.9.61
    cpe:2.3:o:linux:linux_kernel:4.9.61
  • Linux Kernel 4.9.62
    cpe:2.3:o:linux:linux_kernel:4.9.62
  • Linux Kernel 4.9.63
    cpe:2.3:o:linux:linux_kernel:4.9.63
  • Linux Kernel 4.9.64
    cpe:2.3:o:linux:linux_kernel:4.9.64
  • Linux Kernel 4.9.65
    cpe:2.3:o:linux:linux_kernel:4.9.65
  • Linux Kernel 4.9.66
    cpe:2.3:o:linux:linux_kernel:4.9.66
  • Linux Kernel 4.9.67
    cpe:2.3:o:linux:linux_kernel:4.9.67
  • Linux Kernel 4.9.68
    cpe:2.3:o:linux:linux_kernel:4.9.68
  • Linux Kernel 4.9.69
    cpe:2.3:o:linux:linux_kernel:4.9.69
  • Linux Kernel 4.9.70
    cpe:2.3:o:linux:linux_kernel:4.9.70
  • Linux Kernel 4.9.71
    cpe:2.3:o:linux:linux_kernel:4.9.71
  • Linux Kernel 4.9.72
    cpe:2.3:o:linux:linux_kernel:4.9.72
  • Linux Kernel 4.9.73
    cpe:2.3:o:linux:linux_kernel:4.9.73
  • Linux Kernel 4.9.74
    cpe:2.3:o:linux:linux_kernel:4.9.74
  • Linux Kernel 4.9.75
    cpe:2.3:o:linux:linux_kernel:4.9.75
  • Linux Kernel 4.9.76
    cpe:2.3:o:linux:linux_kernel:4.9.76
  • Linux Kernel 4.9.77
    cpe:2.3:o:linux:linux_kernel:4.9.77
  • Linux Kernel 4.9.78
    cpe:2.3:o:linux:linux_kernel:4.9.78
  • Linux Kernel 4.9.79
    cpe:2.3:o:linux:linux_kernel:4.9.79
  • Linux Kernel 4.9.80
    cpe:2.3:o:linux:linux_kernel:4.9.80
  • Linux Kernel 4.9.81
    cpe:2.3:o:linux:linux_kernel:4.9.81
  • Linux Kernel 4.9.82
    cpe:2.3:o:linux:linux_kernel:4.9.82
  • Linux Kernel 4.9.83
    cpe:2.3:o:linux:linux_kernel:4.9.83
  • Linux Kernel 4.9.84
    cpe:2.3:o:linux:linux_kernel:4.9.84
  • Linux Kernel 4.9.85
    cpe:2.3:o:linux:linux_kernel:4.9.85
  • Linux Kernel 4.9.86
    cpe:2.3:o:linux:linux_kernel:4.9.86
  • Linux Kernel 4.9.87
    cpe:2.3:o:linux:linux_kernel:4.9.87
  • Linux Kernel 4.9.88
    cpe:2.3:o:linux:linux_kernel:4.9.88
  • Linux Kernel 4.9.89
    cpe:2.3:o:linux:linux_kernel:4.9.89
  • Linux Kernel 4.9.90
    cpe:2.3:o:linux:linux_kernel:4.9.90
  • Linux Kernel 4.9.91
    cpe:2.3:o:linux:linux_kernel:4.9.91
  • Linux Kernel 4.9.92
    cpe:2.3:o:linux:linux_kernel:4.9.92
  • Linux Kernel 4.9.93
    cpe:2.3:o:linux:linux_kernel:4.9.93
  • Linux Kernel 4.9.94
    cpe:2.3:o:linux:linux_kernel:4.9.94
  • Linux Kernel 4.9.95
    cpe:2.3:o:linux:linux_kernel:4.9.95
  • Linux Kernel 4.9.96
    cpe:2.3:o:linux:linux_kernel:4.9.96
  • Linux Kernel 4.9.97
    cpe:2.3:o:linux:linux_kernel:4.9.97
  • Linux Kernel 4.9.98
    cpe:2.3:o:linux:linux_kernel:4.9.98
  • Linux Kernel 4.9.99
    cpe:2.3:o:linux:linux_kernel:4.9.99
  • Linux Kernel 4.9.100
    cpe:2.3:o:linux:linux_kernel:4.9.100
  • Linux Kernel 4.9.101
    cpe:2.3:o:linux:linux_kernel:4.9.101
  • Linux Kernel 4.9.102
    cpe:2.3:o:linux:linux_kernel:4.9.102
  • Linux Kernel 4.9.103
    cpe:2.3:o:linux:linux_kernel:4.9.103
  • Linux Kernel 4.9.104
    cpe:2.3:o:linux:linux_kernel:4.9.104
  • Linux Kernel 4.9.105
    cpe:2.3:o:linux:linux_kernel:4.9.105
  • Linux Kernel 4.9.106
    cpe:2.3:o:linux:linux_kernel:4.9.106
  • Linux Kernel 4.9.107
    cpe:2.3:o:linux:linux_kernel:4.9.107
  • Linux Kernel 4.9.108
    cpe:2.3:o:linux:linux_kernel:4.9.108
  • Linux Kernel 4.9.109
    cpe:2.3:o:linux:linux_kernel:4.9.109
  • Linux Kernel 4.9.110
    cpe:2.3:o:linux:linux_kernel:4.9.110
  • Linux Kernel 4.9.111
    cpe:2.3:o:linux:linux_kernel:4.9.111
  • Linux Kernel 4.10
    cpe:2.3:o:linux:linux_kernel:4.10
  • Linux Kernel 4.10 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.10:rc3
  • Linux Kernel 4.10 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.10:rc4
  • Linux Kernel 4.10.1
    cpe:2.3:o:linux:linux_kernel:4.10.1
  • Linux Kernel 4.10.2
    cpe:2.3:o:linux:linux_kernel:4.10.2
  • Linux Kernel 4.10.3
    cpe:2.3:o:linux:linux_kernel:4.10.3
  • Linux Kernel 4.10.4
    cpe:2.3:o:linux:linux_kernel:4.10.4
  • Linux Kernel 4.10.5
    cpe:2.3:o:linux:linux_kernel:4.10.5
  • Linux Kernel 4.10.6
    cpe:2.3:o:linux:linux_kernel:4.10.6
  • Linux Kernel 4.10.7
    cpe:2.3:o:linux:linux_kernel:4.10.7
  • Linux Kernel 4.10.8
    cpe:2.3:o:linux:linux_kernel:4.10.8
  • Linux Kernel 4.10.9
    cpe:2.3:o:linux:linux_kernel:4.10.9
  • Linux Kernel 4.10.10
    cpe:2.3:o:linux:linux_kernel:4.10.10
  • Linux Kernel 4.10.11
    cpe:2.3:o:linux:linux_kernel:4.10.11
  • Linux Kernel 4.10.12
    cpe:2.3:o:linux:linux_kernel:4.10.12
  • Linux Kernel 4.10.13
    cpe:2.3:o:linux:linux_kernel:4.10.13
  • Linux Kernel 4.10.14
    cpe:2.3:o:linux:linux_kernel:4.10.14
  • Linux Kernel 4.10.15
    cpe:2.3:o:linux:linux_kernel:4.10.15
  • Linux Kernel 4.10.16
    cpe:2.3:o:linux:linux_kernel:4.10.16
  • Linux Kernel 4.10.17
    cpe:2.3:o:linux:linux_kernel:4.10.17
  • Linux Kernel 4.11
    cpe:2.3:o:linux:linux_kernel:4.11
  • Linux Kernel 4.11 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.11:rc1
  • Linux Kernel 4.11 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.11:rc2
  • Linux Kernel 4.11 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.11:rc3
  • Linux Kernel 4.11 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.11:rc4
  • Linux Kernel 4.11 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.11:rc5
  • Linux Kernel 4.11 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.11:rc6
  • Linux Kernel 4.11 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:4.11:rc7
  • Linux Kernel 4.11.1
    cpe:2.3:o:linux:linux_kernel:4.11.1
  • Linux Kernel 4.11.2
    cpe:2.3:o:linux:linux_kernel:4.11.2
  • Linux Kernel 4.11.3
    cpe:2.3:o:linux:linux_kernel:4.11.3
  • Linux Kernel 4.11.4
    cpe:2.3:o:linux:linux_kernel:4.11.4
  • Linux Kernel 4.11.5
    cpe:2.3:o:linux:linux_kernel:4.11.5
  • Linux Kernel 4.11.6
    cpe:2.3:o:linux:linux_kernel:4.11.6
  • Linux Kernel 4.11.7
    cpe:2.3:o:linux:linux_kernel:4.11.7
  • Linux Kernel 4.11.8
    cpe:2.3:o:linux:linux_kernel:4.11.8
  • Linux Kernel 4.11.9
    cpe:2.3:o:linux:linux_kernel:4.11.9
  • Linux Kernel 4.11.10
    cpe:2.3:o:linux:linux_kernel:4.11.10
  • Linux Kernel 4.11.11
    cpe:2.3:o:linux:linux_kernel:4.11.11
  • Linux Kernel 4.11.12
    cpe:2.3:o:linux:linux_kernel:4.11.12
  • Linux Kernel 4.12
    cpe:2.3:o:linux:linux_kernel:4.12
  • Linux Kernel 4.12 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.12:rc1
  • Linux Kernel 4.12 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.12:rc2
  • Linux Kernel 4.12 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.12:rc3
  • Linux Kernel 4.12 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.12:rc4
  • Linux Kernel 4.12 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.12:rc5
  • Linux Kernel 4.12 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.12:rc6
  • Linux Kernel 4.12.1
    cpe:2.3:o:linux:linux_kernel:4.12.1
  • Linux Kernel 4.12.2
    cpe:2.3:o:linux:linux_kernel:4.12.2
  • Linux Kernel 4.12.3
    cpe:2.3:o:linux:linux_kernel:4.12.3
  • Linux Kernel 4.12.4
    cpe:2.3:o:linux:linux_kernel:4.12.4
  • Linux Kernel 4.12.5
    cpe:2.3:o:linux:linux_kernel:4.12.5
  • Linux Kernel 4.12.6
    cpe:2.3:o:linux:linux_kernel:4.12.6
  • Linux Kernel 4.12.7
    cpe:2.3:o:linux:linux_kernel:4.12.7
  • Linux Kernel 4.12.8
    cpe:2.3:o:linux:linux_kernel:4.12.8
  • Linux Kernel 4.12.9
    cpe:2.3:o:linux:linux_kernel:4.12.9
  • Linux Kernel 4.12.10
    cpe:2.3:o:linux:linux_kernel:4.12.10
  • Linux Kernel 4.12.11
    cpe:2.3:o:linux:linux_kernel:4.12.11
  • Linux Kernel 4.12.12
    cpe:2.3:o:linux:linux_kernel:4.12.12
  • Linux Kernel 4.12.13
    cpe:2.3:o:linux:linux_kernel:4.12.13
  • Linux Kernel 4.12.14
    cpe:2.3:o:linux:linux_kernel:4.12.14
  • Linux Kernel 4.13
    cpe:2.3:o:linux:linux_kernel:4.13
  • Linux Kernel 4.13 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.13:rc1
  • Linux Kernel 4.13 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.13:rc2
  • Linux Kernel 4.13 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.13:rc3
  • Linux Kernel 4.13 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.13:rc4
  • Linux Kernel 4.13 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.13:rc5
  • Linux Kernel 4.13.1
    cpe:2.3:o:linux:linux_kernel:4.13.1
  • Linux Kernel 4.13.2
    cpe:2.3:o:linux:linux_kernel:4.13.2
  • Linux Kernel 4.13.3
    cpe:2.3:o:linux:linux_kernel:4.13.3
  • Linux Kernel 4.13.4
    cpe:2.3:o:linux:linux_kernel:4.13.4
  • Linux Kernel 4.13.5
    cpe:2.3:o:linux:linux_kernel:4.13.5
  • Linux Kernel 4.13.6
    cpe:2.3:o:linux:linux_kernel:4.13.6
  • Linux Kernel 4.13.7
    cpe:2.3:o:linux:linux_kernel:4.13.7
  • Linux Kernel 4.13.8
    cpe:2.3:o:linux:linux_kernel:4.13.8
  • Linux Kernel 4.13.9
    cpe:2.3:o:linux:linux_kernel:4.13.9
  • Linux Kernel 4.13.10
    cpe:2.3:o:linux:linux_kernel:4.13.10
  • Linux Kernel 4.13.11
    cpe:2.3:o:linux:linux_kernel:4.13.11
  • Linux Kernel 4.13.12
    cpe:2.3:o:linux:linux_kernel:4.13.12
  • Linux Kernel 4.13.13
    cpe:2.3:o:linux:linux_kernel:4.13.13
  • Linux Kernel 4.13.14
    cpe:2.3:o:linux:linux_kernel:4.13.14
  • Linux Kernel 4.13.15
    cpe:2.3:o:linux:linux_kernel:4.13.15
  • Linux Kernel 4.13.16
    cpe:2.3:o:linux:linux_kernel:4.13.16
  • Linux Kernel 4.14
    cpe:2.3:o:linux:linux_kernel:4.14
  • Linux Kernel 4.14.1
    cpe:2.3:o:linux:linux_kernel:4.14.1
  • Linux Kernel 4.14.2
    cpe:2.3:o:linux:linux_kernel:4.14.2
  • Linux Kernel 4.14.3
    cpe:2.3:o:linux:linux_kernel:4.14.3
  • Linux Kernel 4.14.4
    cpe:2.3:o:linux:linux_kernel:4.14.4
  • Linux Kernel 4.14.5
    cpe:2.3:o:linux:linux_kernel:4.14.5
  • Linux Kernel 4.14.6
    cpe:2.3:o:linux:linux_kernel:4.14.6
  • Linux Kernel 4.14.7
    cpe:2.3:o:linux:linux_kernel:4.14.7
  • Linux Kernel 4.14.8
    cpe:2.3:o:linux:linux_kernel:4.14.8
  • Linux Kernel 4.14.9
    cpe:2.3:o:linux:linux_kernel:4.14.9
  • Linux Kernel 4.14.10
    cpe:2.3:o:linux:linux_kernel:4.14.10
  • Linux Kernel 4.14.11
    cpe:2.3:o:linux:linux_kernel:4.14.11
  • Linux Kernel 4.14.12
    cpe:2.3:o:linux:linux_kernel:4.14.12
  • Linux Kernel 4.14.13
    cpe:2.3:o:linux:linux_kernel:4.14.13
  • Linux Kernel 4.14.14
    cpe:2.3:o:linux:linux_kernel:4.14.14
  • Linux Kernel 4.14.15
    cpe:2.3:o:linux:linux_kernel:4.14.15
  • Linux Kernel 4.14.16
    cpe:2.3:o:linux:linux_kernel:4.14.16
  • Linux Kernel 4.14.17
    cpe:2.3:o:linux:linux_kernel:4.14.17
  • Linux Kernel 4.14.18
    cpe:2.3:o:linux:linux_kernel:4.14.18
  • Linux Kernel 4.14.19
    cpe:2.3:o:linux:linux_kernel:4.14.19
  • Linux Kernel 4.14.20
    cpe:2.3:o:linux:linux_kernel:4.14.20
  • Linux Kernel 4.14.21
    cpe:2.3:o:linux:linux_kernel:4.14.21
  • Linux Kernel 4.14.22
    cpe:2.3:o:linux:linux_kernel:4.14.22
  • Linux Kernel 4.14.23
    cpe:2.3:o:linux:linux_kernel:4.14.23
  • Linux Kernel 4.14.24
    cpe:2.3:o:linux:linux_kernel:4.14.24
  • Linux Kernel 4.14.25
    cpe:2.3:o:linux:linux_kernel:4.14.25
  • Linux Kernel 4.14.26
    cpe:2.3:o:linux:linux_kernel:4.14.26
  • Linux Kernel 4.14.27
    cpe:2.3:o:linux:linux_kernel:4.14.27
  • Linux Kernel 4.14.28
    cpe:2.3:o:linux:linux_kernel:4.14.28
  • Linux Kernel 4.14.29
    cpe:2.3:o:linux:linux_kernel:4.14.29
  • Linux Kernel 4.14.30
    cpe:2.3:o:linux:linux_kernel:4.14.30
  • Linux Kernel 4.14.31
    cpe:2.3:o:linux:linux_kernel:4.14.31
  • Linux Kernel 4.14.32
    cpe:2.3:o:linux:linux_kernel:4.14.32
  • Linux Kernel 4.14.33
    cpe:2.3:o:linux:linux_kernel:4.14.33
  • Linux Kernel 4.14.34
    cpe:2.3:o:linux:linux_kernel:4.14.34
  • Linux Kernel 4.14.35
    cpe:2.3:o:linux:linux_kernel:4.14.35
  • Linux Kernel 4.14.36
    cpe:2.3:o:linux:linux_kernel:4.14.36
  • Linux Kernel 4.14.37
    cpe:2.3:o:linux:linux_kernel:4.14.37
  • Linux Kernel 4.14.38
    cpe:2.3:o:linux:linux_kernel:4.14.38
  • Linux Kernel 4.14.39
    cpe:2.3:o:linux:linux_kernel:4.14.39
  • Linux Kernel 4.14.40
    cpe:2.3:o:linux:linux_kernel:4.14.40
  • Linux Kernel 4.14.41
    cpe:2.3:o:linux:linux_kernel:4.14.41
  • Linux Kernel 4.14.42
    cpe:2.3:o:linux:linux_kernel:4.14.42
  • Linux Kernel 4.14.43
    cpe:2.3:o:linux:linux_kernel:4.14.43
  • Linux Kernel 4.14.44
    cpe:2.3:o:linux:linux_kernel:4.14.44
  • Linux Kernel 4.14.45
    cpe:2.3:o:linux:linux_kernel:4.14.45
  • Linux Kernel 4.14.46
    cpe:2.3:o:linux:linux_kernel:4.14.46
  • Linux Kernel 4.14.47
    cpe:2.3:o:linux:linux_kernel:4.14.47
  • Linux Kernel 4.14.48
    cpe:2.3:o:linux:linux_kernel:4.14.48
  • Linux Kernel 4.14.49
    cpe:2.3:o:linux:linux_kernel:4.14.49
  • Linux Kernel 4.14.50
    cpe:2.3:o:linux:linux_kernel:4.14.50
  • Linux Kernel 4.14.51
    cpe:2.3:o:linux:linux_kernel:4.14.51
  • Linux Kernel 4.14.52
    cpe:2.3:o:linux:linux_kernel:4.14.52
  • Linux Kernel 4.14.53
    cpe:2.3:o:linux:linux_kernel:4.14.53
  • Linux Kernel 4.14.54
    cpe:2.3:o:linux:linux_kernel:4.14.54
  • Linux Kernel 4.15
    cpe:2.3:o:linux:linux_kernel:4.15
  • Linux Kernel 4.15 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.15:rc1
  • Linux Kernel 4.15 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.15:rc2
  • Linux Kernel 4.15 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.15:rc3
  • Linux Kernel 4.15 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.15:rc4
  • Linux Kernel 4.15.1
    cpe:2.3:o:linux:linux_kernel:4.15.1
  • Linux Kernel 4.15.2
    cpe:2.3:o:linux:linux_kernel:4.15.2
  • Linux Kernel 4.15.3
    cpe:2.3:o:linux:linux_kernel:4.15.3
  • Linux Kernel 4.15.4
    cpe:2.3:o:linux:linux_kernel:4.15.4
  • Linux Kernel 4.15.5
    cpe:2.3:o:linux:linux_kernel:4.15.5
  • Linux Kernel 4.15.6
    cpe:2.3:o:linux:linux_kernel:4.15.6
  • Linux Kernel 4.15.7
    cpe:2.3:o:linux:linux_kernel:4.15.7
  • Linux Kernel 4.15.8
    cpe:2.3:o:linux:linux_kernel:4.15.8
  • Linux Kernel 4.15.9
    cpe:2.3:o:linux:linux_kernel:4.15.9
  • Linux Kernel 4.15.10
    cpe:2.3:o:linux:linux_kernel:4.15.10
  • Linux Kernel 4.15.11
    cpe:2.3:o:linux:linux_kernel:4.15.11
  • Linux Kernel 4.15.12
    cpe:2.3:o:linux:linux_kernel:4.15.12
  • Linux Kernel 4.15.13
    cpe:2.3:o:linux:linux_kernel:4.15.13
  • Linux Kernel 4.15.14
    cpe:2.3:o:linux:linux_kernel:4.15.14
  • Linux Kernel 4.15.15
    cpe:2.3:o:linux:linux_kernel:4.15.15
  • Linux Kernel 4.15.16
    cpe:2.3:o:linux:linux_kernel:4.15.16
  • Linux Kernel 4.15.17
    cpe:2.3:o:linux:linux_kernel:4.15.17
  • Linux Kernel 4.15.18
    cpe:2.3:o:linux:linux_kernel:4.15.18
  • Linux Kernel 4.16
    cpe:2.3:o:linux:linux_kernel:4.16
  • Linux Kernel 4.16 Release Candidate
    cpe:2.3:o:linux:linux_kernel:4.16:rc
  • Linux Kernel 4.16 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.16:rc1
  • Linux Kernel 4.16 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.16:rc2
  • Linux Kernel 4.16 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.16:rc3
  • Linux Kernel 4.16 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.16:rc4
  • Linux Kernel 4.16 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.16:rc5
  • Linux Kernel 4.16 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.16:rc6
  • Linux Kernel 4.16.1
    cpe:2.3:o:linux:linux_kernel:4.16.1
  • Linux Kernel 4.16.2
    cpe:2.3:o:linux:linux_kernel:4.16.2
  • Linux Kernel 4.16.3
    cpe:2.3:o:linux:linux_kernel:4.16.3
  • Linux Kernel 4.16.4
    cpe:2.3:o:linux:linux_kernel:4.16.4
  • Linux Kernel 4.16.5
    cpe:2.3:o:linux:linux_kernel:4.16.5
  • Linux Kernel 4.16.6
    cpe:2.3:o:linux:linux_kernel:4.16.6
  • Linux Kernel 4.16.7
    cpe:2.3:o:linux:linux_kernel:4.16.7
  • Linux Kernel 4.16.8
    cpe:2.3:o:linux:linux_kernel:4.16.8
  • Linux Kernel 4.16.9
    cpe:2.3:o:linux:linux_kernel:4.16.9
  • Linux Kernel 4.16.10
    cpe:2.3:o:linux:linux_kernel:4.16.10
  • Linux Kernel 4.16.11
    cpe:2.3:o:linux:linux_kernel:4.16.11
  • Linux Kernel 4.16.12
    cpe:2.3:o:linux:linux_kernel:4.16.12
  • Linux Kernel 4.16.13
    cpe:2.3:o:linux:linux_kernel:4.16.13
  • Linux Kernel 4.16.14
    cpe:2.3:o:linux:linux_kernel:4.16.14
  • Linux Kernel 4.16.15
    cpe:2.3:o:linux:linux_kernel:4.16.15
  • Linux Kernel 4.16.16
    cpe:2.3:o:linux:linux_kernel:4.16.16
  • Linux Kernel 4.16.17
    cpe:2.3:o:linux:linux_kernel:4.16.17
  • Linux Kernel 4.16.18
    cpe:2.3:o:linux:linux_kernel:4.16.18
  • Linux Kernel 4.17
    cpe:2.3:o:linux:linux_kernel:4.17
  • Linux Kernel 4.17 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.17:rc1
  • Linux Kernel 4.17 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.17:rc2
  • Linux Kernel 4.17 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.17:rc3
  • Linux Kernel 4.17 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.17:rc4
  • Linux Kernel 4.17 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.17:rc5
  • Linux Kernel 4.17 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.17:rc6
  • Linux Kernel 4.17 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:4.17:rc7
  • Linux Kernel 4.17.1
    cpe:2.3:o:linux:linux_kernel:4.17.1
  • Linux Kernel 4.17.2
    cpe:2.3:o:linux:linux_kernel:4.17.2
  • Linux Kernel 4.17.3
    cpe:2.3:o:linux:linux_kernel:4.17.3
  • Linux Kernel 4.17.4
    cpe:2.3:o:linux:linux_kernel:4.17.4
  • Linux Kernel 4.17.5
    cpe:2.3:o:linux:linux_kernel:4.17.5
  • Linux Kernel 4.17.6
    cpe:2.3:o:linux:linux_kernel:4.17.6
  • Linux Kernel 4.17.7
    cpe:2.3:o:linux:linux_kernel:4.17.7
  • Linux Kernel 4.17.8
    cpe:2.3:o:linux:linux_kernel:4.17.8
  • Linux Kernel 4.17.9
    cpe:2.3:o:linux:linux_kernel:4.17.9
  • Linux Kernel 4.18
    cpe:2.3:o:linux:linux_kernel:4.18
  • Linux Kernel 4.18 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.18:rc1
  • Linux Kernel 4.18 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.18:rc2
  • Linux Kernel 4.18 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.18:rc3
  • Linux Kernel 4.18 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.18:rc4
  • Linux Kernel 4.18 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.18:rc5
  • Linux Kernel 4.18 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.18:rc6
  • Linux Kernel 4.18 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:4.18:rc7
  • Linux Kernel 4.18 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:4.18:rc8
  • Linux Kernel 4.18.1
    cpe:2.3:o:linux:linux_kernel:4.18.1
  • Linux Kernel 4.18.2
    cpe:2.3:o:linux:linux_kernel:4.18.2
  • Linux Kernel 4.18.3
    cpe:2.3:o:linux:linux_kernel:4.18.3
  • Linux Kernel 4.18.4
    cpe:2.3:o:linux:linux_kernel:4.18.4
  • Linux Kernel 4.18.5
    cpe:2.3:o:linux:linux_kernel:4.18.5
  • Linux Kernel 4.18.6
    cpe:2.3:o:linux:linux_kernel:4.18.6
  • Linux Kernel 4.18.7
    cpe:2.3:o:linux:linux_kernel:4.18.7
  • Linux Kernel 4.18.8
    cpe:2.3:o:linux:linux_kernel:4.18.8
  • Linux Kernel 4.18.9
    cpe:2.3:o:linux:linux_kernel:4.18.9
  • Linux Kernel 4.18.10
    cpe:2.3:o:linux:linux_kernel:4.18.10
  • Linux Kernel 4.18.11
    cpe:2.3:o:linux:linux_kernel:4.18.11
  • Linux Kernel 4.18.12
    cpe:2.3:o:linux:linux_kernel:4.18.12
  • Linux Kernel 4.18.13
    cpe:2.3:o:linux:linux_kernel:4.18.13
  • Linux Kernel 4.18.14
    cpe:2.3:o:linux:linux_kernel:4.18.14
  • Linux Kernel 4.18.15
    cpe:2.3:o:linux:linux_kernel:4.18.15
  • Linux Kernel 4.18.16
    cpe:2.3:o:linux:linux_kernel:4.18.16
  • Linux Kernel 4.19
    cpe:2.3:o:linux:linux_kernel:4.19
  • Linux Kernel 4.19 Release Candidate 1
    cpe:2.3:o:linux:linux_kernel:4.19:rc1
  • Linux Kernel 4.19 Release Candidate 2
    cpe:2.3:o:linux:linux_kernel:4.19:rc2
  • Linux Kernel 4.19 Release Candidate 3
    cpe:2.3:o:linux:linux_kernel:4.19:rc3
  • Linux Kernel 4.19 Release Candidate 4
    cpe:2.3:o:linux:linux_kernel:4.19:rc4
  • Linux Kernel 4.19 Release Candidate 5
    cpe:2.3:o:linux:linux_kernel:4.19:rc5
  • Linux Kernel 4.19 Release Candidate 6
    cpe:2.3:o:linux:linux_kernel:4.19:rc6
  • Linux Kernel 4.19 Release Candidate 7
    cpe:2.3:o:linux:linux_kernel:4.19:rc7
  • Linux Kernel 4.19 Release Candidate 8
    cpe:2.3:o:linux:linux_kernel:4.19:rc8
  • Linux Kernel 10.2.0 for Endpoint Security Linux Threat Prevention
    cpe:2.3:o:linux:linux_kernel:10.2.0:-:-:-:-:endpoint_security_linux_threat_prevention
  • Linux Kernel 10.2.2 for Endpoint Security Linux Threat Prevention
    cpe:2.3:o:linux:linux_kernel:10.2.2:-:-:-:-:endpoint_security_linux_threat_prevention
  • Linux Kernel 10.2.3 for Endpoint Security Linux Threat Prevention
    cpe:2.3:o:linux:linux_kernel:10.2.3:-:-:-:-:endpoint_security_linux_threat_prevention
  • Linux Kernel 10.5.0 for Endpoint Security Linux Threat Prevention
    cpe:2.3:o:linux:linux_kernel:10.5.0:-:-:-:-:endpoint_security_linux_threat_prevention
  • Linux Kernel 10.5.1 for Endpoint Security Linux Threat Prevention
    cpe:2.3:o:linux:linux_kernel:10.5.1:-:-:-:-:endpoint_security_linux_threat_prevention
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • F5 Big-IP Access Policy Manager (APM) 11.5.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1
  • F5 BIG-IP Access Policy Manager 11.5.2
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2
  • F5 BIG-IP Access Policy Manager 11.5.3
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3
  • F5 Big-IP Access Policy Manager (APM) 11.5.4
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4
  • F5 Networks BIG-IP Access Policy Manager 11.5.5
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.5
  • F5 Big-IP Access Policy Manager (APM) 11.5.6
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.6
  • F5 Big-IP Access Policy Manager (APM) 11.5.7
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.7
  • F5 Big-IP Access Policy Manager (APM) 11.6.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0
  • F5 Networks BIG-IP Access Policy Manager 11.6.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1
  • F5 Big-IP Access Policy Manager (APM) 11.6.2
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.2
  • F5 Big-IP Access Policy Manager (APM) 11.6.3
    cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.3
  • F5 BIG-IP Access Policy Manager (APM) 12.1.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0
  • F5 BIG-IP Access Policy Manager (APM) 12.1.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1
  • F5 Big-IP Access Policy Manager (APM) 12.1.2
    cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2
  • F5 Big-IP Access Policy Manager (APM) 12.1.3
    cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.3
  • F5 Big-IP Access Policy Manager (APM) 13.0.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0
  • F5 Big-IP Access Policy Manager (APM) 13.0.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.1
  • F5 Big-IP Access Policy Manager (APM) 13.1.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.1
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.2
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.2
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.3
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.3
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.4
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.4
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.5
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.5
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.6
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.6
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.7
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.7
  • F5 Big-IP Access Policy Manager (APM) 13.1.0.8
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.0.8
  • F5 Big-IP Access Policy Manager (APM) 13.1.1
    cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1
  • F5 Big-IP Access Policy Manager (APM) 14.0.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0
  • F5 Networks BIGIP Advanced Firewall Manager 11.5.1
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1
  • F5 BIG-IP Advanced Firewall Manager 11.5.2
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2
  • F5 BIG-IP Advanced Firewall Manager 11.5.3
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3
  • F5 Big-IP Advanced Firewall Manager 11.5.4
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4
  • F5 Networks BIG-IP Advanced Firewall Manager 11.5.5
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.5
  • F5 Big-IP Advanced Firewall Manager (AFM) 11.5.6
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.6
  • F5 Big-IP Advanced Firewall Manager (AFM) 11.5.7
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.7
  • F5 BIG-IP Advanced Firewall Manager 11.6.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0
  • F5 Networks BIG-IP Advanced Firewall Manager 11.6.1
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1
  • F5 Big-IP Advanced Firewall Manager (AFM) 11.6.2
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.2
  • F5 Big-IP Advanced Firewall Manager (AFM) 11.6.3
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.3
  • F5 BIG-IP Advanced Firewall Manager (AFM) 12.1.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0
  • F5 BIG-IP Advanced Firewall Manager (AFM) 12.1.1
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1
  • F5 Big-IP Advanced Firewall Manager (AFM) 12.1.2
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2
  • F5 Big-IP Advanced Firewall Manager (AFM) 12.1.3
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.3
  • F5 Big-IP Advanced Firewall Manager (AFM) 13.0.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0
  • F5 Big-IP Advanced Firewall Manager (AFM) 13.0.1
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.1
  • F5 Big-IP Advanced Firewall Manager (AFM) 13.1.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.0
  • F5 Big-IP Advanced Firewall Manager (AFM) 13.1.1
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1
  • F5 Big-IP Advanced Firewall Manager (AFM) 14.0.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0
  • F5 Networks BIGIP Analytics 11.5.1
    cpe:2.3:a:f5:big-ip_analytics:11.5.1
  • F5 BIG-IP Analytics 11.5.2
    cpe:2.3:a:f5:big-ip_analytics:11.5.2
  • F5 BIG-IP Analytics 11.5.3
    cpe:2.3:a:f5:big-ip_analytics:11.5.3
  • F5 Big-IP Analytics 11.5.4
    cpe:2.3:a:f5:big-ip_analytics:11.5.4
  • F5 Big-IP Analytics 11.5.5
    cpe:2.3:a:f5:big-ip_analytics:11.5.5
  • F5 Big-IP Analytics 11.5.6
    cpe:2.3:a:f5:big-ip_analytics:11.5.6
  • F5 Big-IP Analytics 11.5.7
    cpe:2.3:a:f5:big-ip_analytics:11.5.7
  • F5 BIG-IP Analytics 11.6.0
    cpe:2.3:a:f5:big-ip_analytics:11.6.0
  • F5 Networks BIG-IP Analytics 11.6.1
    cpe:2.3:a:f5:big-ip_analytics:11.6.1
  • F5 Big-IP Analytics 11.6.2
    cpe:2.3:a:f5:big-ip_analytics:11.6.2
  • F5 Big-IP Analytics 11.6.3
    cpe:2.3:a:f5:big-ip_analytics:11.6.3
  • F5 BIG-IP Analytics 12.1.0
    cpe:2.3:a:f5:big-ip_analytics:12.1.0
  • F5 BIG-IP Analytics 12.1.1
    cpe:2.3:a:f5:big-ip_analytics:12.1.1
  • F5 Big-IP Analytics 12.1.2
    cpe:2.3:a:f5:big-ip_analytics:12.1.2
  • F5 Big-IP Analytics 12.1.3
    cpe:2.3:a:f5:big-ip_analytics:12.1.3
  • F5 Big-IP Analytics 13.0.0
    cpe:2.3:a:f5:big-ip_analytics:13.0.0
  • F5 Big-IP Analytics 13.0.1
    cpe:2.3:a:f5:big-ip_analytics:13.0.1
  • F5 Big-IP Analytics 13.1.0
    cpe:2.3:a:f5:big-ip_analytics:13.1.0
  • F5 Big-IP Analytics 13.1.1
    cpe:2.3:a:f5:big-ip_analytics:13.1.1
  • F5 Big-IP Analytics 14.0.0
    cpe:2.3:a:f5:big-ip_analytics:14.0.0
  • F5 Networks BIGIP Application Acceleration Manager 11.5.1
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1
  • F5 BIG-IP Application Acceleration Manager 11.5.2
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2
  • F5 BIG-IP Application Acceleration Manager 11.5.3
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3
  • F5 Big-IP Application Acceleration Manager 11.5.4
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4
  • F5 Networks BIG-IP Application Acceleration Manager 11.5.5
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.5
  • F5 Big-IP Application Acceleration Manager (AAM) 11.5.6
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.6
  • F5 Big-IP Application Acceleration Manager (AAM) 11.5.7
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.7
  • F5 BIG-IP Application Acceleration Manager 11.6.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0
  • F5 Networks BIG-IP Application Acceleration Manager 11.6.1
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1
  • F5 Big-IP Application Acceleration Manager (AAM) 11.6.2
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.2
  • F5 Big-IP Application Acceleration Manager (AAM) 11.6.3
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.3
  • F5 Networks BIG-IP Application Acceleration Manager 12.1.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0
  • F5 BIG-IP Application Acceleration Manager (AAM) 12.1.1
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1
  • F5 Big-IP Application Acceleration Manager (AAM) 12.1.2
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2
  • F5 Big-IP Application Acceleration Manager (AAM) 12.1.3
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.3
  • F5 Big-IP Application Acceleration Manager (AAM) 13.0.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0
  • F5 Big-IP Application Acceleration Manager (AAM) 13.0.1
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.1
  • F5 Big-IP Application Acceleration Manager (AAM) 13.1.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.0
  • F5 Big-IP Application Acceleration Manager (AAM) 13.1.1
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1
  • F5 Big-IP Application Acceleration Manager (AAM) 14.0.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0
  • F5 Networks BIG-IP Application Security Manager 11.5.1
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1
  • F5 BIG-IP Application Security Manager 11.5.2
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2
  • F5 BIG-IP Application Security Manager 11.5.3
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3
  • F5 Big-IP Application Security Manager 11.5.4
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4
  • F5 Networks BIG-IP Application Security Manager 11.5.5
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.5
  • F5 Big-IP Application Security Manager (ASM) 11.5.6
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.6
  • F5 Big-IP Application Security Manager (ASM) 11.5.7
    cpe:2.3:a:f5:big-ip_application_security_manager:11.5.7
  • F5 BIG-IP Application Security Manager 11.6.0
    cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0
  • F5 Networks BIG-IP Application Security Manager 11.6.1
    cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1
  • F5 Big-IP Application Security Manager (ASM) 11.6.2
    cpe:2.3:a:f5:big-ip_application_security_manager:11.6.2
  • F5 Big-IP Application Security Manager (ASM) 11.6.3
    cpe:2.3:a:f5:big-ip_application_security_manager:11.6.3
  • F5 BIG-IP Application Security Manager (ASM) 12.1.0
    cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0
  • F5 BIG-IP Application Security Manager (ASM) 12.1.1
    cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1
  • F5 Big-IP Application Security Manager (ASM) 12.1.2
    cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2
  • F5 Big-IP Application Security Manager (ASM) 12.1.3
    cpe:2.3:a:f5:big-ip_application_security_manager:12.1.3
  • F5 Big-IP Application Security Manager (ASM) 13.0.0
    cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0
  • F5 Big-IP Application Security Manager (ASM) 13.0.1
    cpe:2.3:a:f5:big-ip_application_security_manager:13.0.1
  • F5 Big-IP Application Security Manager (ASM) 13.1.0
    cpe:2.3:a:f5:big-ip_application_security_manager:13.1.0
  • F5 Big-IP Application Security Manager (ASM) 13.1.1
    cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1
  • F5 Big-IP Application Security Manager (ASM) 14.0.0
    cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0
  • F5 BIG-IP Domain Name System 11.5.1
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.1
  • F5 BIG-IP Domain Name System 11.5.2
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.2
  • F5 BIG-IP Domain Name System 11.5.3
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.3
  • F5 BIG-IP Domain Name System 11.5.4
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.4
  • F5 Big-IP Domain Name System (DNS) 11.5.5
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.5
  • F5 Big-IP Domain Name System (DNS) 11.5.6
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.6
  • F5 Big-IP Domain Name System (DNS) 11.5.7
    cpe:2.3:a:f5:big-ip_domain_name_system:11.5.7
  • F5 BIG-IP Domain Name System 11.6.0
    cpe:2.3:a:f5:big-ip_domain_name_system:11.6.0
  • F5 BIG-IP Domain Name System 11.6.1
    cpe:2.3:a:f5:big-ip_domain_name_system:11.6.1
  • F5 Big-IP Domain Name System (DNS) 11.6.2
    cpe:2.3:a:f5:big-ip_domain_name_system:11.6.2
  • F5 Big-IP Domain Name System (DNS) 11.6.3
    cpe:2.3:a:f5:big-ip_domain_name_system:11.6.3
  • F5 BIG-IP Domain Name System (DNS) 12.1.0
    cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0
  • F5 BIG-IP Domain Name System (DNS) 12.1.1
    cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1
  • F5 Big-IP Domain Name System (DNS) 12.1.2
    cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2
  • F5 Big-IP Domain Name System (DNS) 12.1.3
    cpe:2.3:a:f5:big-ip_domain_name_system:12.1.3
  • F5 Big-IP Domain Name System (DNS) 13.0.0
    cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0
  • F5 Big-IP Domain Name System (DNS) 13.0.1
    cpe:2.3:a:f5:big-ip_domain_name_system:13.0.1
  • F5 Big-IP Domain Name System (DNS) 13.1.0
    cpe:2.3:a:f5:big-ip_domain_name_system:13.1.0
  • F5 Big-IP Domain Name System (DNS) 13.1.1
    cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1
  • F5 Big-IP Domain Name System (DNS) 14.0.0
    cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0
  • F5 Big-IP Edge Gateway 11.5.2
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.2
  • F5 Big-IP Edge Gateway 11.5.3
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.3
  • F5 Big-IP Edge Gateway 11.5.4
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.4
  • F5 Big-IP Edge Gateway 11.5.5
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.5
  • F5 Big-IP Edge Gateway 11.5.6
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.6
  • F5 Big-IP Edge Gateway 11.5.7
    cpe:2.3:a:f5:big-ip_edge_gateway:11.5.7
  • F5 Big-IP Edge Gateway 11.6.0
    cpe:2.3:a:f5:big-ip_edge_gateway:11.6.0
  • F5 Big-IP Edge Gateway 11.6.1
    cpe:2.3:a:f5:big-ip_edge_gateway:11.6.1
  • F5 Big-IP Edge Gateway 11.6.2
    cpe:2.3:a:f5:big-ip_edge_gateway:11.6.2
  • F5 Big-IP Edge Gateway 11.6.3
    cpe:2.3:a:f5:big-ip_edge_gateway:11.6.3
  • F5 Big-IP Edge Gateway 12.1.0
    cpe:2.3:a:f5:big-ip_edge_gateway:12.1.0
  • F5 Big-IP Edge Gateway 12.1.1
    cpe:2.3:a:f5:big-ip_edge_gateway:12.1.1
  • F5 Big-IP Edge Gateway 12.1.2
    cpe:2.3:a:f5:big-ip_edge_gateway:12.1.2
  • F5 Big-IP Edge Gateway 12.1.3
    cpe:2.3:a:f5:big-ip_edge_gateway:12.1.3
  • F5 Big-IP Edge Gateway 13.0.0
    cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0
  • F5 Big-IP Edge Gateway 13.0.1
    cpe:2.3:a:f5:big-ip_edge_gateway:13.0.1
  • F5 Big-IP Edge Gateway 13.1.0
    cpe:2.3:a:f5:big-ip_edge_gateway:13.1.0
  • F5 Big-IP Edge Gateway 13.1.1
    cpe:2.3:a:f5:big-ip_edge_gateway:13.1.1
  • F5 Big-IP Edge Gateway 14.0.0
    cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.1
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.1
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.2
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.2
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.3
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.3
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.4
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.4
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.5
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.5
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.6
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.6
  • F5 Big-IP Fraud Protection Service (FPS) 11.5.7
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.5.7
  • F5 Big-IP Fraud Protection Service (FPS) 11.6.0
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.0
  • F5 Big-IP Fraud Protection Service (FPS) 11.6.1
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.1
  • F5 Big-IP Fraud Protection Service (FPS) 11.6.2
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.2
  • F5 Big-IP Fraud Protection Service (FPS) 11.6.3
    cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.3
  • F5 Big-IP Fraud Protection Service (FPS) 12.1.0
    cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.0
  • F5 Big-IP Fraud Protection Service (FPS) 12.1.1
    cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.1
  • F5 Big-IP Fraud Protection Service (FPS) 12.1.2
    cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.2
  • F5 Big-IP Fraud Protection Service (FPS) 12.1.3
    cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.3
  • F5 Big-IP Fraud Protection Service (FPS) 13.0.0
    cpe:2.3:a:f5:big-ip_fraud_protection_service:13.0.0
  • F5 Big-IP Fraud Protection Service (FPS) 13.0.1
    cpe:2.3:a:f5:big-ip_fraud_protection_service:13.0.1
  • F5 Big-IP Fraud Protection Service (FPS) 13.1.0
    cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.0
  • F5 Big-IP Fraud Protection Service (FPS) 13.1.1
    cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1
  • F5 Big-IP Fraud Protection Service (FPS) 14.0.0
    cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0
  • F5 Networks BIGIP Global Traffic Manager 11.5.1
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1
  • F5 BIG-IP Global Traffic Manager 11.5.2
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2
  • F5 BIG-IP Global Traffic Manager 11.5.3
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3
  • F5 Big-IP Global Traffic Manager 11.5.4
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4
  • F5 Big-IP Global Traffic Manager (GTM) 11.5.5
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.5
  • F5 Big-IP Global Traffic Manager (GTM) 11.5.6
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.6
  • F5 Big-IP Global Traffic Manager (GTM) 11.5.7
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.7
  • F5 BIG-IP Global Traffic Manager 11.6.0
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0
  • F5 Networks BIG-IP Global Traffic Manager 11.6.1
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1
  • F5 Big-IP Global Traffic Manager (GTM) 11.6.2
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.2
  • F5 Big-IP Global Traffic Manager (GTM) 11.6.3
    cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.3
  • F5 BIG-IP Global Traffic Manager 12.1.0
    cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.0
  • F5 BIG-IP Global Traffic Manager 12.1.1
    cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.1
  • F5 BIG-IP Global Traffic Manager 12.1.2
    cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2
  • F5 Big-IP Global Traffic Manager (GTM) 12.1.3
    cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.3
  • F5 Big-IP Global Traffic Manager (GTM) 13.0.0
    cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0
  • F5 Big-IP Global Traffic Manager (GTM) 13.0.1
    cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.1
  • F5 Big-IP Global Traffic Manager (GTM) 13.1.0
    cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.0
  • F5 Big-IP Global Traffic Manager (GTM) 13.1.1
    cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1
  • F5 Big-IP Global Traffic Manager (GTM) 14.0.0
    cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0
  • F5 Networks BIGIP Link Controller 11.5.1
    cpe:2.3:a:f5:big-ip_link_controller:11.5.1
  • F5 BIG-IP Link Controller 11.5.2
    cpe:2.3:a:f5:big-ip_link_controller:11.5.2
  • F5 BIG-IP Link Controller 11.5.3
    cpe:2.3:a:f5:big-ip_link_controller:11.5.3
  • F5 Big-IP Link Controller 11.5.4
    cpe:2.3:a:f5:big-ip_link_controller:11.5.4
  • F5 Networks BIG-IP Link Controller 11.5.5
    cpe:2.3:a:f5:big-ip_link_controller:11.5.5
  • F5 Big-IP Link Controller 11.5.6
    cpe:2.3:a:f5:big-ip_link_controller:11.5.6
  • F5 Big-IP Link Controller 11.5.7
    cpe:2.3:a:f5:big-ip_link_controller:11.5.7
  • F5 BIG-IP Link Controller 11.6.0
    cpe:2.3:a:f5:big-ip_link_controller:11.6.0
  • F5 Networks BIG-IP Link Controller 11.6.1
    cpe:2.3:a:f5:big-ip_link_controller:11.6.1
  • F5 Big-IP Link Controller 11.6.2
    cpe:2.3:a:f5:big-ip_link_controller:11.6.2
  • F5 Big-IP Link Controller 11.6.3
    cpe:2.3:a:f5:big-ip_link_controller:11.6.3
  • F5 BIG-IP Link Controller 12.1.0
    cpe:2.3:a:f5:big-ip_link_controller:12.1.0
  • F5 BIG-IP Link Controller 12.1.1
    cpe:2.3:a:f5:big-ip_link_controller:12.1.1
  • F5 Big-IP Link Controller 12.1.2
    cpe:2.3:a:f5:big-ip_link_controller:12.1.2
  • F5 Big-IP Link Controller 12.1.3
    cpe:2.3:a:f5:big-ip_link_controller:12.1.3
  • F5 Big-IP Link Controller 13.0.0
    cpe:2.3:a:f5:big-ip_link_controller:13.0.0
  • F5 Big-IP Link Controller 13.0.1
    cpe:2.3:a:f5:big-ip_link_controller:13.0.1
  • F5 Big-IP Link Controller 13.1.0
    cpe:2.3:a:f5:big-ip_link_controller:13.1.0
  • F5 Big-IP Link Controller 13.1.1
    cpe:2.3:a:f5:big-ip_link_controller:13.1.1
  • F5 Big-IP Link Controller 14.0.0
    cpe:2.3:a:f5:big-ip_link_controller:14.0.0
  • F5 Networks BIGIP Local Traffic Manager (LTM) 11.5.1
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1
  • F5 BIG-IP Local Traffic Manager 11.5.2
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2
  • F5 BIG-IP Local Traffic Manager 11.5.3
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3
  • F5 Big-IP Local Traffic Manager 11.5.4
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4
  • F5 Networks BIG-IP Local Traffic Manager 11.5.5
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.5
  • F5 Big-IP Local Traffic Manager (LTM) 11.5.6
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.6
  • F5 Big-IP Local Traffic Manager (LTM) 11.5.7
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.7
  • F5 BIG-IP Local Traffic Manager 11.6.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0
  • F5 Networks BIG-IP Local Traffic Manager 11.6.1
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1
  • F5 Big-IP Local Traffic Manager (LTM) 11.6.2
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.2
  • F5 Big-IP Local Traffic Manager (LTM) 11.6.3
    cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.3
  • F5 BIG-IP Local Traffic Manager (LTM) 12.0.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0
  • F5 BIG-IP Local Traffic Manager (LTM) 12.1.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0
  • F5 BIG-IP Local Traffic Manager (LTM) 12.1.1
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1
  • F5 Big-IP Local Traffic Manager (LTM) 12.1.2
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2
  • F5 Big-IP Local Traffic Manager (LTM) 12.1.3
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.3
  • F5 Big-IP Local Traffic Manager (LTM) 13.0.1
    cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.1
  • F5 Big-IP Local Traffic Manager (LTM) 13.1.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.0
  • F5 Big-IP Local Traffic Manager (LTM) 13.1.1
    cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1
  • F5 Big-IP Local Traffic Manager (LTM) 14.0.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0
  • F5 Networks BIGIP Policy Enforcement Manager 11.5.1
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1
  • F5 BIG-IP Policy Enforcement Manager 11.5.2
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2
  • F5 Networks BIG-IP Policy Enforcement Manager 11.5.3
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3
  • F5 Big-IP Policy Enforcement Manager 11.5.4
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4
  • F5 Networks BIG-IP Policy Enforcement Manager 11.5.5
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.5
  • F5 Big-IP Policy Enforcement Manager (PEM) 11.5.6
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.6
  • F5 Big-IP Policy Enforcement Manager (PEM) 11.5.7
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.7
  • F5 BIG-IP Policy Enforcement Manager 11.6.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0
  • F5 Networks BIG-IP Policy Enforcement Manager 11.6.1
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1
  • F5 Networks BIG-IP Policy Enforcement Manager (PEM) 11.6.2
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.2
  • F5 Big-IP Policy Enforcement Manager (PEM) 11.6.3
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.3
  • F5 BIG-IP Policy Enforcement Manager (PEM) 12.1.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0
  • F5 BIG-IP Policy Enforcement Manager (PEM) 12.1.1
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1
  • F5 Big-IP Policy Enforcement Manager (PEM) 12.1.2
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2
  • F5 Networks BIG-IP Policy Enforcement Manager (PEM) 12.1.3
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.3
  • F5 Big-IP Policy Enforcement Manager (PEM) 13.0.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0
  • F5 Big-IP Policy Enforcement Manager (PEM) 13.0.1
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.1
  • F5 Big-IP Policy Enforcement Manager (PEM) 13.1.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.0
  • F5 Big-IP Policy Enforcement Manager (PEM) 13.1.1
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1
  • F5 Big-IP Policy Enforcement Manager (PEM) 14.0.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0
  • F5 Big-IP WebAccelerator 11.5.1
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.1
  • F5 Big-IP WebAccelerator 11.5.2
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.2
  • F5 Big-IP WebAccelerator 11.5.3
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.3
  • F5 Big-IP WebAccelerator 11.5.4
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.4
  • F5 Big-IP WebAccelerator 11.5.5
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.5
  • F5 Big-IP WebAccelerator 11.5.6
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.6
  • F5 Big-IP WebAccelerator 11.5.7
    cpe:2.3:a:f5:big-ip_webaccelerator:11.5.7
  • F5 Big-IP WebAccelerator 11.6.0
    cpe:2.3:a:f5:big-ip_webaccelerator:11.6.0
  • F5 Big-IP WebAccelerator 11.6.1
    cpe:2.3:a:f5:big-ip_webaccelerator:11.6.1
  • F5 Big-IP WebAccelerator 11.6.2
    cpe:2.3:a:f5:big-ip_webaccelerator:11.6.2
  • F5 Big-IP WebAccelerator 11.6.3
    cpe:2.3:a:f5:big-ip_webaccelerator:11.6.3
  • F5 Big-IP WebAccelerator 12.1.0
    cpe:2.3:a:f5:big-ip_webaccelerator:12.1.0
  • F5 Big-IP WebAccelerator 12.1.1
    cpe:2.3:a:f5:big-ip_webaccelerator:12.1.1
  • F5 Big-IP WebAccelerator 12.1.2
    cpe:2.3:a:f5:big-ip_webaccelerator:12.1.2
  • F5 Big-IP WebAccelerator 12.1.3
    cpe:2.3:a:f5:big-ip_webaccelerator:12.1.3
  • F5 Big-IP WebAccelerator 13.0.0
    cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0
  • F5 Big-IP WebAccelerator 13.0.1
    cpe:2.3:a:f5:big-ip_webaccelerator:13.0.1
  • F5 Big-IP WebAccelerator 13.1.0
    cpe:2.3:a:f5:big-ip_webaccelerator:13.1.0
  • F5 Big-IP WebAccelerator 13.1.1
    cpe:2.3:a:f5:big-ip_webaccelerator:13.1.1
  • F5 Big-IP WebAccelerator 14.0.0
    cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0
  • cpe:2.3:a:f5:traffix_systems_signaling_delivery_controller:4.4.0
    cpe:2.3:a:f5:traffix_systems_signaling_delivery_controller:4.4.0
  • cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2
    cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2
  • cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p5
    cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p5
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p11
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p11
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p8
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p8
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p4
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p4
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4
  • cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1
    cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1
  • cpe:2.3:a:cisco:collaboration_meeting_rooms:1.0
    cpe:2.3:a:cisco:collaboration_meeting_rooms:1.0
  • cpe:2.3:a:cisco:digital_network_architecture_center:1.2
    cpe:2.3:a:cisco:digital_network_architecture_center:1.2
  • cpe:2.3:a:cisco:expressway:x8.10
    cpe:2.3:a:cisco:expressway:x8.10
  • cpe:2.3:a:cisco:expressway:x8.10.1
    cpe:2.3:a:cisco:expressway:x8.10.1
  • cpe:2.3:a:cisco:expressway:x8.10.2
    cpe:2.3:a:cisco:expressway:x8.10.2
  • cpe:2.3:a:cisco:expressway:x8.10.3
    cpe:2.3:a:cisco:expressway:x8.10.3
  • cpe:2.3:a:cisco:expressway:x8.10.4
    cpe:2.3:a:cisco:expressway:x8.10.4
  • cpe:2.3:a:cisco:expressway:x8.11
    cpe:2.3:a:cisco:expressway:x8.11
  • cpe:2.3:a:cisco:expressway_series
    cpe:2.3:a:cisco:expressway_series
  • cpe:2.3:a:cisco:meeting_management:1.0
    cpe:2.3:a:cisco:meeting_management:1.0
  • cpe:2.3:a:cisco:meeting_management:1.0.1
    cpe:2.3:a:cisco:meeting_management:1.0.1
  • cpe:2.3:a:cisco:network_assurance_engine:2.1%281a%29
    cpe:2.3:a:cisco:network_assurance_engine:2.1%281a%29
  • cpe:2.3:a:cisco:threat_grid-cloud
    cpe:2.3:a:cisco:threat_grid-cloud
  • cpe:2.3:a:cisco:webex_hybrid_data_security
    cpe:2.3:a:cisco:webex_hybrid_data_security
  • cpe:2.3:a:cisco:webex_video_mesh
    cpe:2.3:a:cisco:webex_video_mesh
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.1
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.1
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.2
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.2
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.3
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.3
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.4
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.4
  • cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.11
    cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.11
  • Cisco TelePresence Video Communication Server (VCS)
    cpe:2.3:h:cisco:telepresence_video_communication_server
  • cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3
    cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3
  • cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.1
    cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.1
  • cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.2
    cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.2
  • cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.3
    cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.3
  • cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.4
    cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.4
  • cpe:2.3:h:cisco:telepresence_conductor
    cpe:2.3:h:cisco:telepresence_conductor
CVSS
Base: 7.8
Impact:
Exploitability:
CWE CWE-20
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content they were allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Object Relational Mapping Injection
    An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
  • SQL Injection through SOAP Parameter Tampering
    An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORDs written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch an XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim into executing malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, in which an attacker-controlled parameter to a reference call loads content specified by the attacker.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of attack will result in a denial of service due to an application becoming unstable, freezing, or crashing. However, it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • Cross-Site Scripting via Encoded URI Schemes
    An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such a malicious URI contains, for example, base64-encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content, for example when the victim clicks on the malicious link.
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Leverage Alternate Encoding
    This attack leverages the possibility to encode potentially harmful input and submit it to applications that do not expect, or are not effective at validating, this encoding standard, making input filtering difficult.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted ignores the leading "ghost" characters, and therefore processes the attacker's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is that the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters--extra characters that don't affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Embedding Scripts in HTTP Query Strings
    A variant of cross-site scripting called "reflected" cross-site scripting, the HTTP Query Strings attack consists of passing a malicious script inside an otherwise valid HTTP request query string. This is of significant concern for sites that rely on dynamic, user-generated content such as bulletin boards, news sites, blogs, and web enabled administration GUIs. The malicious script may steal session data, browse history, probe files, or otherwise execute attacks on the client side. Once the attacker has prepared the malicious HTTP query it is sent to a victim user (perhaps by email, IM, or posted on an online forum), who clicks on a normal looking link that contains a poison query string. This technique can be made more effective through the use of services like http://tinyurl.com/, which makes very small URLs that will redirect to very large, complex ones. The victim will not know what he is really clicking on.
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • Embedding NULL Bytes
    An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
  • Postfix, Null Terminate, and Backslash
    If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the user's privilege level. An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them into user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • SQL Injection
    This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Blind SQL Injection
    Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages is considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the attacker constructs input strings that probe the target through simple Boolean SQL expressions. The attacker can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the attacker determines how and where the target is vulnerable to SQL Injection. For example, an attacker may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the attacker entered "username" in the field, then the attacker knows that the application is vulnerable to SQL Injection. The attacker can then ask yes/no questions from the database server to extract information from it. For example, the attacker can extract table names from a database using the following types of queries: If the above query executes properly, then the attacker knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the attacker knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the attacker can determine all table names in the database. Subsequently, the attacker may execute an actual attack and send something like:
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understand the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • URL Encoding
    This attack targets the encoding of the URL. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special characters that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance, the US-ASCII space character would be represented with %20. This is often referred to as escaped encoding or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft a URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other formats of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance, an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly, that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and cause a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Using UTF-8 Encoding to Bypass Validation Logic
    This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications that do not expect, or are not effective at validating, this encoding standard, making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early versions of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker's point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time; once the client is redirected the attacker has many chances to engage in follow-on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that is typical in Ajax applications enables an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
  • XSS in IMG Tags
    Image tags are an often overlooked, but convenient, means for a Cross Site Scripting attack. The attacker can inject script contents into an image (IMG) tag in order to steal information from a victim's browser and execute malicious scripts.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4266.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service. - CVE-2018-5390 Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets leading to remote denial of service. - CVE-2018-13405 Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111557
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111557
    title Debian DSA-4266-1 : linux - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1279.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112238
    published 2018-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112238
    title EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1279)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3732-2.NASL
    description USN-3732-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111580
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111580
    title Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp vulnerability (USN-3732-2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2789.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-693.39.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1616431) * Previously, preemption was enabled too early after a context switch. If a task was migrated to another CPU after a context switch, a mismatch between CPU and runqueue during load balancing sometimes occurred. Consequently, a runnable task on an idle CPU failed to run, and the operating system became unresponsive. This update disables preemption in the schedule_tail() function. As a result, CPU migration during post-schedule processing no longer occurs, which prevents the above mismatch. The operating system no longer hangs due to this bug. (BZ#1618466)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117816
    published 2018-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117816
    title RHEL 6 : MRG (RHSA-2018:2789)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2384.NASL
    description From Red Hat Security Advisory 2018:2384 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article : https://access.redhat.com/articles/3527791
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111723
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111723
    title Oracle Linux 7 : kernel (ELSA-2018-2384) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2403.NASL
    description An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112027
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112027
    title RHEL 7 : Virtualization (RHSA-2018:2403) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2402.NASL
    description An update for rhvm-appliance is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112026
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112026
    title RHEL 7 : Virtualization (RHSA-2018:2402) (Foreshadow)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3732-1.NASL
    description Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111579
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111579
    title Ubuntu 18.04 LTS : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, (USN-3732-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180814_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) - kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) - kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) - kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111778
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111778
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2791.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. Bug Fix(es) : * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the '__max_smt_threads()' function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625330)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117783
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117783
    title RHEL 6 : kernel (RHSA-2018:2791)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1050.NASL
    description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses. ( https://www.kb.cert.org/vuls/id/962459 )
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111550
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111550
    title Amazon Linux 2 : kernel (ALAS-2018-1050)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2018-055.NASL
    description According to the versions of the cpupools / cpupools-features / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. - A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely. - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. - In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-12
    modified 2018-08-20
    plugin id 112018
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112018
    title Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-055)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-826.NASL
    description The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340) - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851). The following non-security bugs were fixed : - acpi, APEI, EINJ: Subtract any matching Register Region from Trigger resources (bsc#1051510). - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value (bsc#1051510). - acpi, nfit: Fix scrub idle detection (bsc#1094119). - acpi / processor: Finish making acpi_processor_ppc_has_changed() void (bsc#1051510). - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bsc#1051510). - alsa: emu10k1: add error handling for snd_ctl_add (bsc#1051510). - alsa: emu10k1: Rate-limit error messages about page errors (bsc#1051510). - alsa: fm801: add error handling for snd_ctl_add (bsc#1051510). - alsa: hda: add mute led support for HP ProBook 455 G5 (bsc#1051510). - alsa: hda - Handle pm failure during hotplug (bsc#1051510). - alsa: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk (bsc#1051510). - alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (bsc#1051510). - alsa: hda/realtek - Yet another Clevo P950 quirk entry (bsc#1101143). - alsa: rawmidi: Change resized buffers atomically (bsc#1051510). - alsa: usb-audio: Apply rate limit to warning messages in URB complete callback (bsc#1051510). 
- alx: take rtnl before calling __alx_open from resume (bsc#1051510). - arm64: Correct type for PUD macros (bsc#1103723). - arm64: Disable unhandled signal log messages by default (bsc#1103724). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1103220). - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bsc#1103725). - arm64: mm: Fix set_memory_valid() declaration (bsc#1103726). - arm64: perf: correct PMUVer probing (bsc#1103727). - arm64: ptrace: Avoid setting compat FPR to garbage if get_user fails (bsc#1103728). - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics (bsc#1103729). - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1103730). - arm: module: fix modsign build error (bsc#1093666). - ASoC: dpcm: fix BE dai not hw_free and shutdown (bsc#1051510). - ASoC: mediatek: preallocate pages use platform device (bsc#1051510). - ASoC: topology: Add missing clock gating parameter when parsing hw_configs (bsc#1051510). - ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format() (bsc#1051510). - ath9k_htc: Add a sanity check in ath9k_htc_ampdu_action() (bsc#1051510). - ath: Add regulatory mapping for APL13_WORLD (bsc#1051510). - ath: Add regulatory mapping for APL2_FCCA (bsc#1051510). - ath: Add regulatory mapping for Bahamas (bsc#1051510). - ath: Add regulatory mapping for Bermuda (bsc#1051510). - ath: Add regulatory mapping for ETSI8_WORLD (bsc#1051510). - ath: Add regulatory mapping for FCC3_ETSIC (bsc#1051510). - ath: Add regulatory mapping for Serbia (bsc#1051510). - ath: Add regulatory mapping for Tanzania (bsc#1051510). - ath: Add regulatory mapping for Uganda (bsc#1051510). - atl1c: reserve min skb headroom (bsc#1051510). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bsc#1051510). - audit: Fix wrong task in comparison of session ID (bsc#1051510). - audit: return on memory error to avoid NULL pointer dereference (bsc#1051510). - b44: Initialize 64-bit stats seqcount (bsc#1051510). 
- backlight: as3711_bl: Fix Device Tree node leaks (bsc#1051510). - backlight: lm3630a: Bump REG_MAX value to 0x50 instead of 0x1F (bsc#1051510). - backlight: pwm_bl: Do not use GPIOF_* with gpiod_get_direction (bsc#1051510). - batman-adv: Accept only filled wifi station info (bsc#1051510). - batman-adv: Always initialize fragment header priority (bsc#1051510). - batman-adv: Avoid race in TT TVLV allocator helper (bsc#1051510). - batman-adv: Avoid storing non-TT-sync flags on singular entries too (bsc#1051510). - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix bat_v best gw refcnt after netlink dump (bsc#1051510). - batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible (bsc#1051510). - batman-adv: Fix debugfs path for renamed hardif (bsc#1051510). - batman-adv: Fix debugfs path for renamed softif (bsc#1051510). - batman-adv: fix header size check in batadv_dbg_arp() (bsc#1051510). - batman-adv: Fix internal interface indices types (bsc#1051510). - batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq (bsc#1051510). - batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag (bsc#1051510). - batman-adv: fix multicast-via-unicast transmission with AP isolation (bsc#1051510). - batman-adv: Fix netlink dumping of BLA backbones (bsc#1051510). - batman-adv: Fix netlink dumping of BLA claims (bsc#1051510). - batman-adv: fix packet checksum in receive path (bsc#1051510). - batman-adv: fix packet loss for broadcasted DHCP packets to a server (bsc#1051510). - batman-adv: Fix skbuff rcsum on packet reroute (bsc#1051510). - batman-adv: fix TT sync flag inconsistencies (bsc#1051510). - batman-adv: Fix TT sync flags for intermediate TT responses (bsc#1051510). - batman-adv: Ignore invalid batadv_iv_gw during netlink send (bsc#1051510). - batman-adv: Ignore invalid batadv_v_gw during netlink send (bsc#1051510). - batman-adv: invalidate checksum on fragment reassembly (bsc#1051510). 
- batman-adv: update data pointers after skb_cow() (bsc#1051510).
- batman-adv: Use default throughput value on cfg80211 error (bsc#1051510).
- blk-mq: count allocated but not started requests in iostats inflight (bsc#1077989).
- blk-mq: fix sysfs inflight counter (bsc#1077989).
- block: always set partition number to '0' in blk_partition_remap() (bsc#1054245).
- block: always set partition number to '0' in blk_partition_remap() (bsc#1077989).
- block: bio_check_eod() needs to consider partitions (bsc#1077989).
- block: fail op_is_write() requests to read-only partitions (bsc#1077989).
- block: pass 'run_queue' to blk_mq_request_bypass_insert (bsc#1077989).
- block: set request_list for request (bsc#1077989).
- bluetooth: avoid recursive locking in hci_send_to_channel() (bsc#1051510).
- bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 (bsc#1051510).
- bluetooth: btusb: add ID for LiteOn 04ca:301a (bsc#1051510).
- bluetooth: hci_ll: Add support for the external clock (bsc#1051510).
- bluetooth: hci_ll: Fix download_firmware() return when __hci_cmd_sync fails (bsc#1051510).
- bluetooth: hci_nokia: select BT_HCIUART_H4 (bsc#1051510).
- bluetooth: hci_qca: Fix 'Sleep inside atomic section' warning (bsc#1051510).
- bluetooth: hci_uart: fix kconfig dependency (bsc#1051510).
- bnxt_en: Always set output parameters in bnxt_get_max_rings() (bsc#1050242).
- bnxt_en: Do not modify max IRQ count after rdma driver requests/frees IRQs (bsc#1050242).
- bnxt_en: Fix for system hang if request_irq fails (bsc#1050242).
- bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic (bsc#1050242).
- bnxt_en: Fix the vlan_tci exact match check (bsc#1050242).
- bonding: re-evaluate force_primary when the primary slave name changes (networking-stable-18_06_20).
- brcmfmac: Add support for bcm43364 wireless chipset (bsc#1051510).
- btrfs: Do not remove block group still has pinned down bytes (bsc#1086457).
- bus: arm-cci: Fix use of smp_processor_id() in preemptible context (bsc#1051510).
- bus: arm-ccn: Check memory allocation failure (bsc#1051510).
- bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left (bsc#1051510).
- bus: arm-ccn: Fix use of smp_processor_id() in preemptible context (bsc#1051510).
- can: bcm: check for null sk before deferencing it via the call to sock_net (bsc#1051510).
- can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode (bsc#1051510).
- can: mpc5xxx_can: check of_iomap return before use (bsc#1051510).
- can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only (bsc#1051510).
- can: xilinx_can: fix device dropping off bus on RX overrun (bsc#1051510).
- can: xilinx_can: fix incorrect clear of non-processed interrupts (bsc#1051510).
- can: xilinx_can: fix power management handling (bsc#1051510).
- can: xilinx_can: fix recovery from error states not being propagated (bsc#1051510).
- can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK (bsc#1051510).
- can: xilinx_can: fix RX overflow interrupt not being enabled (bsc#1051510).
- can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting (bsc#1051510).
- cdc_ncm: avoid padding beyond end of skb (networking-stable-18_06_20).
- cfg80211: initialize sinfo in cfg80211_get_station (bsc#1051510).
- checkpatch: add 6 missing types to --list-types (bsc#1051510).
- cifs: do not allow creating sockets except with SMB1 posix exensions (bsc#1102097).
- cifs: Fix infinite loop when using hard mount option (bsc#1091171).
- clk: at91: fix clk-generated parenting (bsc#1051510).
- clk: at91: PLL recalc_rate() now using cached MUL and DIV values (bsc#1051510).
- clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() (bsc#1051510).
- clk: bcm2835: De-assert/assert PLL reset signal when appropriate (bsc#1051510).
- clk: Do not show the incorrect clock phase (bsc#1051510).
- clk: Do not write error code into divider register (bsc#1051510).
- clk: fix false-positive Wmaybe-uninitialized warning (bsc#1051510).
- clk: fix mux clock documentation (bsc#1051510).
- clk: Fix __set_clk_rates error print-string (bsc#1051510).
- clk: fix set_rate_range when current rate is out of range (bsc#1051510).
- clk: hi3660: fix incorrect uart3 clock freqency (bsc#1051510).
- clk: hi6220: change watchdog clock source (bsc#1051510).
- clk: hi6220: mark clock cs_atb_syspll as critical (bsc#1051510).
- clk: hisilicon: fix potential NULL dereference in hisi_clk_alloc() (bsc#1051510).
- clk: hisilicon: mark wdt_mux_p[] as const (bsc#1051510).
- clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux (bsc#1051510).
- clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bsc#1051510).
- clk: imx7d: fix mipi dphy div parent (bsc#1051510).
- clk: mediatek: add the option for determining PLL source clock (bsc#1051510).
- clk: mediatek: mark mtk_infrasys_init_early __init (bsc#1051510).
- clk: meson: gxbb: fix clk_mclk_i958 divider flags (bsc#1051510).
- clk: meson: gxbb: fix meson cts_amclk divider flags (bsc#1051510).
- clk: meson: gxbb: fix wrong clock for SARADC/SANA (bsc#1051510).
- clk: meson: meson8b: fix protection against undefined clks (bsc#1051510).
- clk: meson: mpll: fix mpll0 fractional part ignored (bsc#1051510).
- clk: meson: mpll: use 64-bit maths in params_from_rate (bsc#1051510).
- clk: meson: remove unnecessary rounding in the pll clock (bsc#1051510).
- clk: mvebu: use correct bit for 98DX3236 NAND (bsc#1051510).
- clk: qcom: Base rcg parent rate off plan frequency (bsc#1051510).
- clk: qcom: clk-smd-rpm: Fix the reported rate of branches (bsc#1051510).
- clk: qcom: common: fix legacy board-clock registration (bsc#1051510).
- clk: qcom: msm8916: Fix bimc gpu clock ops (bsc#1051510).
- clk: qcom: msm8916: fix mnd_width for codec_digcodec (bsc#1051510).
- clk: renesas: div6: Document fields used for parent selection (bsc#1051510).
- clk: renesas: r8a7745: Remove nonexisting scu-src[0789] clocks (bsc#1051510).
- clk: renesas: r8a7745: Remove PLL configs for MD19=0 (bsc#1051510).
- clk: renesas: r8a7795: Correct pwm, gpio, and i2c parent clocks on ES2.0 (bsc#1051510).
- clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 (bsc#1051510).
- clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 (bsc#1051510).
- clk: rockchip: Prevent calculating mmc phase if clock rate is zero (bsc#1051510).
- clk: samsung: exynos3250: Fix PLL rates (bsc#1051510).
- clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices (bsc#1051510).
- clk: samsung: exynos5250: Fix PLL rates (bsc#1051510).
- clk: samsung: exynos5260: Fix PLL rates (bsc#1051510).
- clk: samsung: exynos5433: Fix PLL rates (bsc#1051510).
- clk: samsung: exynos7: Fix PLL rates (bsc#1051510).
- clk: samsung: Fix m2m scaler clock on Exynos542x (bsc#1051510).
- clk: samsung: s3c2410: Fix PLL rates (bsc#1051510).
- clk: scpi: error when clock fails to register (bsc#1051510).
- clk: scpi: fix return type of __scpi_dvfs_round_rate (bsc#1051510).
- clk: si5351: fix PLL reset (bsc#1051510).
- clk: si5351: Rename internal plls to avoid name collisions (bsc#1051510).
- clk: socfpga: Fix the smplsel on Arria10 and Stratix10 (bsc#1051510).
- clk: sunxi: fix build warning (bsc#1051510).
- clk: sunxi: fix uninitialized access (bsc#1051510).
- clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bsc#1051510).
- clk: sunxi-ng: add CLK_SET_RATE_PARENT flag to H3 GPU clock (bsc#1051510).
- clk: sunxi-ng: add CLK_SET_RATE_UNGATE to all H3 PLLs (bsc#1051510).
- clk: sunxi-ng: allow set parent clock (PLL_CPUX) for CPUX clock on H3 (bsc#1051510).
- clk: sunxi-ng: Fix fractional mode for N-M clocks (bsc#1051510).
- clk: sunxi-ng: h3: gate then ungate PLL CPU clk after rate change (bsc#1051510).
- clk: sunxi-ng: Make fractional helper less chatty (bsc#1051510).
- clk: sunxi-ng: multiplier: Fix fractional mode (bsc#1051510).
- clk: sunxi-ng: nm: Check if requested rate is supported by fractional clock (bsc#1051510).
- clk: sunxi-ng: sun5i: Fix bit offset of audio PLL post-divider (bsc#1051510).
- clk: sunxi-ng: sun6i: Export video PLLs (bsc#1051510).
- clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision (bsc#1051510).
- clk: sunxi-ng: Wait for lock when using fractional mode (bsc#1051510).
- clk: tegra: Fix cclk_lp divisor register (bsc#1051510).
- clk: tegra: Fix pll_u rate configuration (bsc#1051510).
- clk: tegra: Use readl_relaxed_poll_timeout_atomic() in tegra210_clock_init() (bsc#1051510).
- clk: ti: dra7-atl-clock: fix child-node lookups (bsc#1051510).
- clk: uniphier: fix DAPLL2 clock rate of Pro5 (bsc#1051510).
- clk: x86: Do not gate clocks enabled by the firmware (bsc#1051510).
- clockevents/drivers/cs5535: Improve resilience to spurious interrupts (bsc#1051510).
- clocksource/drivers/stm32: Fix kernel panic with multiple timers (bsc#1051510).
- cnic: Fix an error handling path in 'cnic_alloc_bnx2x_resc()' (bsc#1086324).
- cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path (bsc#1100884).
- cpufreq: CPPC: Initialize shared perf capabilities of CPUs (bsc#1100884).
- cpufreq: docs: Add missing cpuinfo_cur_freq description (bsc#1051510).
- cpufreq: docs: Drop intel-pstate.txt from index.txt (bsc#1051510).
- cpufreq: Fix new policy initialization during limits updates via sysfs (bsc#1100884).
- cpufreq: governors: Fix long idle detection logic in load calculation (bsc#1100884).
- cpufreq: intel_pstate: Limit the scope of HWP dynamic boost platforms (bsc#1066110).
- cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt (bsc#1100884).
- cpuidle: powernv: Fix promotion from snooze if next state disabled (bsc#1100884).
- crash_dump: is_kdump_kernel can be boolean (bsc#1103230).
- crypto: caam/qi - explicitly set dma_ops (bsc#1051510).
- crypto: ccp - remove unused variable qim (bsc#1051510).
- crypto: change transient busy return code to -ENOSPC (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Add authenc versions of ctr and sha (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Check error code with IS_ERR macro (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - check for sg null (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - do not leak pointers to authenc keys (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix an error code in chcr_hash_dma_map() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix Indentation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix indentation warning (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix iv passed in fallback path for rfc3686 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix IV updated in XTS operation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Fix src buffer dma length (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Make function aead_ccm_validate_input static (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Move DMA un/mapping to chcr from lld cxgb4 driver (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Remove allocation of sg list to implement 2K limit of dsgl header (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Remove dst sg size zero check (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Remove unused parameter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Update IV before sending request to HW (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Use kernel round function to align lengths (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: chelsio - Use x8_ble gf multiplication to calculate IV (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bsc#1051510).
- crypto: crypto4xx - remove bad list_del (bsc#1051510).
- crypto: gf128mul - The x8_ble multiplication functions (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- crypto: sha512-mb - add some missing unlock on error (bsc#1051510).
- cxgb4: Add FORCE_PAUSE bit to 32 bit port caps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add HMA support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add new T5 device id (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: add new T5 device id's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add new T6 device ids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Adds CPL support for Shared Receive Queues (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add support for ethtool i2c dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add support to initialise/read SRQ entries (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add support to query HW SRQ parameters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Add TP Congestion map entry for single-port (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: avoid schedule while atomic (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: change the port capability bits definition (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Check alignment constraint for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Check for kvzalloc allocation failure (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: clean up init_one (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: collect SGE PF/VF queue map (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: copy adap index to PF0-3 adapter instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: copy mbox log size to PF0-3 adap instances (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: copy the length of cpl_tx_pkt_core to fw_wr (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: copy vlan_id in ndo_get_vf_config (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4/cxgb4vf: add support for ndo_set_vf_vlan (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4/cxgb4vf: check fw caps to set link mode mask (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4/cxgb4vf: link management changes for new SFP (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4/cxgb4vf: Notify link changes to OS-dependent code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: depend on firmware event for link status (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: do L1 config when module is inserted (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: do not display 50Gbps as unsupported speed (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: do not fail vf instatiation in slave mode (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: do not set needs_free_netdev for mgmt dev's (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: enable inner header checksum calculation (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: enable ZLIB_DEFLATE when building cxgb4 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Fix error handling path in 'init_one()' (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Fix queue free path of ULD drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: fix the wrong conversion of Mbps to Kbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Fix {vxlan/geneve}_port initialization (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: free up resources of pf 0-3 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: increase max tx rate limit to 100 Gbps (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: IPv6 filter takes 2 tids (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: notify fatal error to uld drivers (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: remove dead code when allocating filter (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: restructure VF mgmt code (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: rework on-chip memory read (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Setup FW queues before registering netdev (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Support firmware rdma write completion work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: Support firmware rdma write with immediate work request (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: support new ISSI flash parts (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: update dump collection logic to use compression (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: update latest firmware version supported (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: update LE-TCAM collection for T6 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: use CLIP with LIP6 on T6 for TCAM filters (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: use zlib deflate to compress firmware dump (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4vf: display pause settings (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4vf: Forcefully link up virtual interfaces (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgb4: zero the HMA memory (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxgbit: call neigh_event_send() to update MAC address (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- dccp: do not free ccid2_hc_tx_sock struct in dccp_disconnect() (networking-stable-18_06_08).
- device property: Allow iterating over available child fwnodes (bsc#1098633).
- device property: Introduce fwnode_call_bool_op() for ops that return bool (bsc#1098633).
- device property: Introduce fwnode_device_is_available() (bsc#1098633).
- device property: Introduce fwnode_get_mac_address() (bsc#1098633).
- device property: Introduce fwnode_get_phy_mode() (bsc#1098633).
- device property: Introduce fwnode_irq_get() (bsc#1098633).
- device property: Move fwnode graph ops to firmware specific locations (bsc#1098633).
- device property: Move FW type specific functionality to FW specific files (bsc#1098633).
- device property: preserve usecount for node passed to of_fwnode_graph_get_port_parent() (bsc#1098633).
- dmaengine: fsl-edma: disable clks on all error paths (bsc#1051510).
- dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() (bsc#1051510).
- dmaengine: mv_xor_v2: Fix clock resource by adding a register clock (bsc#1051510).
- dmaengine: omap-dma: port_window support correction for both direction (bsc#1051510).
- dmaengine: pl330: fix a race condition in case of threaded irqs (bsc#1051510).
- dmaengine: pl330: report BURST residue granularity (bsc#1051510).
- dmaengine: qcom: bam_dma: get num-channels and num-ees from dt (bsc#1051510).
- dmaengine: qcom_hidma: check pending interrupts (bsc#1051510).
- dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() (bsc#1051510).
- dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 (bsc#1051510).
- dmaengine: tegra210-adma: fix of_irq_get() error check (bsc#1051510).
- dmaengine: tegra-apb: Really fix runtime-pm usage (bsc#1051510).
- dmaengine: xilinx_dma: Fix error code format specifier (bsc#1051510).
- dmaengine: zynqmp_dma: Fix race condition in the probe (bsc#1051510).
- doc: Rename .system_keyring to .builtin_trusted_keys (bsc#1051510).
- doc: SKB_GSO_[IPIP|SIT] have been replaced (bsc#1051510).
- docs-rst: fix broken links to dynamic-debug-howto in kernel-parameters (bsc#1051510).
- docs: segmentation-offloads.txt: Fix ref to SKB_GSO_TUNNEL_REMCSUM (bsc#1051510).
- documentation: admin-guide: intel_pstate: Fix sysfs path (bsc#1051510).
- dp83640: Ensure against premature access to PHY registers after reset (bsc#1051510).
- drbd: fix access after free (bsc#1051510).
- driver core: Fix link to device power management documentation (bsc#1051510).
- driver core: Partially revert 'driver core: correct device's shutdown order' (bsc#1051510).
- drivers/firmware: psci_checker: Add missing destroy_timer_on_stack() (bsc#1051510).
- drivers/net/ethernet/qlogic/qed: Fix __qed_spq_block() ordering (bsc#1086314 bsc#1086313 bsc#1086301).
- drivers: net: i40evf: use setup_timer() helper (bsc#1101816).
- drivers: soc: sunxi: fix error processing on base address when claiming (bsc#1051510).
- drm: Add DP PSR2 sink enable bit (bsc#1051510).
- drm/amdgpu: Remove VRAM from shared bo domains (bsc#1051510).
- drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (bsc#1051510).
- drm/atomic: Handling the case when setting old crtc for plane (bsc#1051510).
- drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (bsc#1051510).
- drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (bsc#1051510).
- drm/atomic: Make async plane update checks work as intended, v2 (bsc#1051510).
- drm/bridge/sii8620: fix potential buffer overflow (bsc#1051510).
- drm/dp/mst: Fix off-by-one typo when dump payload table (bsc#1051510).
- drm/exynos: Fix dma-buf import (bsc#1051510).
- drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (bsc#1051510).
- drm/i915/dp: Send DPCD ON for MST before phy_up (bsc#1051510).
- drm/i915: Fix hotplug irq ack on i965/g4x (bsc#1051510).
- drm/i915: Only call tasklet_kill() on the first prepare_reset (bsc#1051510).
- drm: mali-dp: Uninitialized variable in malidp_se_check_scaling() (bsc#1087092).
- drm/nouveau: Avoid looping through fake MST connectors (bsc#1051510).
- drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (bsc#1090888).
- drm/nouveau/fifo/gk104-: poll for runlist update completion (bsc#1051510).
- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (bsc#1051510).
- drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (bsc#1051510).
- drm/radeon: fix mode_valid's return type (bsc#1051510).
- drm: rcar-du: lvds: Fix LVDCR1 for R-Car gen3 (bsc#1085539).
- drm: rcar-du: Remove zpos field from rcar_du_vsp_plane_state structure (bsc#1085539).
- drm: re-enable error handling (bsc#1051510).
- drm/rockchip: analogix_dp: Remove unnecessary init code (bsc#1085536).
- drm/rockchip: dw_hdmi: Move HDMI vpll clock enable to bind() (bsc#1087092).
- drm/rockchip: Fix build warning in analogix_dp-rockchip.c (bsc#1085536).
- drm/rockchip: inno_hdmi: Fix error handling path (bsc#1087092).
- drm/rockchip: inno_hdmi: reorder clk_disable_unprepare call in unbind (bsc#1087092).
- drm/tegra: Acquire a reference to the IOVA cache (bsc#1090888).
- drm/udl: fix display corruption of the last line (bsc#1101337).
- drm: Use kvzalloc for allocating blob property memory (bsc#1101352).
- drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats (bsc#1051510).
- dvb_frontend: do not use-after-free the frontend struct (bsc#1051510).
- efi/efi_test: Prevent an Oops in efi_runtime_query_capsulecaps() (bsc#1051510).
- enic: do not overwrite error code (bsc#1037697).
- enic: enable rq before updating rq descriptors (bsc#1037697).
- enic: set DMA mask to 47 bit (networking-stable-18_06_08).
- ethtool: add ethtool_intersect_link_masks (bsc#1101816).
- firewire: net: max MTU off by one (bsc#1051510).
- firmware: arm_scpi: fix endianness of dev_id in struct dev_pstate_set (bsc#1051510).
- firmware: dmi: Optimize dmi_matches (bsc#1051510).
- firmware: tegra: Fix locking bugs in BPMP (bsc#1051510).
- Fix English in description of GCC_PLUGIN_STRUCTLEAK (bsc#1051510).
- Fix kABI breakage for of/device change (bsc#1051510).
- fix kabi due to perf_event.h uapi field change ().
- Fix kABI for rtl_deinit_deferred_work() rewrite (bsc#1051510).
- fix Patch-mainline header
- fm10k: add missing fall through comment (bsc#1101813).
- fm10k: avoid divide by zero in rare cases when device is resetting (bsc#1101813).
- fm10k: avoid needless delay when loading driver (bsc#1101813).
- fm10k: avoid possible truncation of q_vector->name (bsc#1101813).
- fm10k: bump version number (bsc#1101813).
- fm10k: bump version number (bsc#1101813).
- fm10k: clarify action when updating the VLAN table (bsc#1101813).
- fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (bsc#1101813).
- fm10k: correct typo in fm10k_pf.c (bsc#1101813).
- fm10k: do not assume VLAN 1 is enabled (bsc#1101813).
- fm10k: do not loop while resetting VFs due to VFLR event (bsc#1101813).
- fm10k: do not protect fm10k_queue_mac_request by fm10k_host_mbx_ready (bsc#1101813).
- fm10k: Fix configuration for macvlan offload (bsc#1101813).
- fm10k: fix 'failed to kill vid' message for VF (bsc#1101813).
- fm10k: fix function doxygen comments (bsc#1101813).
- fm10k: fix incorrect warning for function prototype (bsc#1101813).
- fm10k: Fix misuse of net_ratelimit() (bsc#1101813).
- fm10k: fix typos on fall through comments (bsc#1101813).
- fm10k: introduce a message queue for MAC/VLAN messages (bsc#1101813).
- fm10k: mark PM functions as __maybe_unused (bsc#1101813).
- fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (bsc#1101813).
- fm10k: prefer %s and __func__ for diagnostic prints (bsc#1101813).
- fm10k: prepare_for_reset() when we lose PCIe Link (bsc#1101813).
- fm10k: prevent race condition of __FM10K_SERVICE_SCHED (bsc#1101813).
- fm10k: reduce duplicate fm10k_stat macro code (bsc#1101813).
- fm10k: reschedule service event if we stall the PF<->SM mailbox (bsc#1101813).
- fm10k: setup VLANs for l2 accelerated macvlan interfaces (bsc#1101813).
- fm10k: simplify reading PFVFLRE register (bsc#1101813).
- fm10k: stop adding VLAN 0 to the VLAN table (bsc#1101813).
- fm10k: stop spurious link down messages when Tx FIFO is full (bsc#1101813).
- fm10k: use generic PM hooks instead of legacy PCIe power hooks (bsc#1101813).
- fm10k: use macro to avoid passing the array and size separately (bsc#1101813).
- fm10k: Use seq_putc() in fm10k_dbg_desc_break() (bsc#1101813).
- fm10k: use spinlock to implement mailbox lock (bsc#1101813).
- fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (bsc#1101813).
- fm10k: use variadic arguments to fm10k_add_stat_strings (bsc#1101813).
- fm10k: warn if the stat size is unknown (bsc#1101813).
- fsi: core: register with postcore_initcall (bsc#1051510).
- fuse: atomic_o_trunc should truncate pagecache (bsc#1051510).
- fuse: do not keep dead fuse_conn at fuse_fill_super() (bsc#1051510).
- fuse: fix congested state leak on aborted connections (bsc#1051510).
- fuse: fix control dir setup and teardown (bsc#1051510).
- fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (bsc#1051510).
- genirq: Check __free_irq() return value for NULL (bsc#1103517).
- gpio: acpi: work around false-positive -Wstring-overflow warning (bsc#1051510).
- gpio: brcmstb: allow all instances to be wakeup sources (bsc#1051510).
- gpio: brcmstb: check return value of gpiochip_irqchip_add() (bsc#1051510).
- gpio: brcmstb: correct the configuration of level interrupts (bsc#1051510).
- gpio: brcmstb: release the bgpio lock during irq handlers (bsc#1051510).
- gpio: brcmstb: switch to handle_level_irq flow (bsc#1051510).
- gpio: pca953x: fix vendor prefix for PCA9654 (bsc#1051510).
- gpio: reject invalid gpio before getting gpio_desc (bsc#1051510).
- gpio: tegra: fix unbalanced chained_irq_enter/exit (bsc#1051510).
- gpu: host1x: Acquire a reference to the IOVA cache (bsc#1090888).
- hid: hid-plantronics: Re-resend Update to map button for PTT products (bsc#1051510).
- hid: i2c-hid: check if device is there before really probing (bsc#1051510).
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close (bsc#1051510).
- hwmon: (aspeed-pwm) add THERMAL dependency (bsc#1051510).
- hwmon: Deal with errors from the thermal subsystem (bsc#1051510).
- hwmon: (ftsteutates) Fix clearing alarm sysfs entries (bsc#1051510).
- hwmon: (ltc2990) Fix incorrect conversion of negative temperatures (bsc#1051510).
- hwmon: (nct6683) Enable EC access if disabled at boot (bsc#1051510).
- hwmon: (stts751) buffer overrun on wrong chip configuration (bsc#1051510).
- hwmon: (tmp102) Fix first temperature reading (bsc#1051510).
- hwrng: stm32 - add reset during probe (bsc#1051510).
- i2c: axxia: enable clock before calling clk_get_rate() (bsc#1051510).
- i2c: designware: Round down ACPI provided clk to nearest supported clk (bsc#1051510).
- i2c: mux: pinctrl: mention correct module name in Kconfig help text (bsc#1051510).
- i2c: tegra: Fix NACK error handling (bsc#1051510).
- i40e: Add advertising 10G LR mode (bsc#1101816).
- i40e: add check for return from find_first_bit call (bsc#1101816).
- i40e: Add delay after EMP reset for firmware to recover (bsc#1101816).
- i40e: add doxygen comment for new mode parameter (bsc#1101816).
- i40e: add function doc headers for ethtool stats functions (bsc#1101816).
- i40e: add function header for i40e_get_rxfh (bsc#1101816).
- i40e: add helper conversion function for link_speed (bsc#1101816).
- i40e: Add infrastructure for queue channel support (bsc#1101816).
- i40e: Add macro for PF reset bit (bsc#1101816).
- i40e: Add new PHY types for 25G AOC and ACC support (bsc#1101816).
- i40e: Add returning AQ critical error to SW (bsc#1101816).
- i40e: Add support for 'ethtool -m' (bsc#1101816).
- i40e: add tx_busy to ethtool stats (bsc#1101816).
- i40e: allow XPS with QoS enabled (bsc#1101816).
- i40e: always return all queue stat strings (bsc#1101816).
- i40e: always return VEB stat strings (bsc#1101816).
- i40e: avoid divide by zero (bsc#1101816).
- i40e: avoid overflow in i40e_ptp_adjfreq() (bsc#1101816).
- i40e: broadcast filters can trigger overflow promiscuous (bsc#1101816).
- i40e: calculate ethtool stats size in a separate function (bsc#1101816).
- i40e: change flags to use 64 bits (bsc#1101816).
- i40e: change ppp name to ddp (bsc#1101816).
- i40e: check for invalid DCB config (bsc#1101816).
- i40e: Cleanup i40e_vlan_rx_register (bsc#1101816).
- i40e: cleanup unnecessary parens (bsc#1101816).
- i40e: cleanup whitespace for some ethtool stat definitions (bsc#1101816).
- i40e: cleanup wording in a header comment (bsc#1101816).
- i40e: convert i40e_get_settings_link_up to new API (bsc#1101816).
- i40e: convert i40e_phy_type_to_ethtool to new API (bsc#1101816).
- i40e: convert i40e_set_link_ksettings to new API (bsc#1101816).
- i40e: Delete an error message for a failed memory allocation in i40e_init_interrupt_scheme() (bsc#1101816).
- i40e: Disable iWARP VSI PETCP_ENA flag on netdev down events (bsc#1101816).
- i40e: disallow programming multiple filters with same criteria (bsc#1101816).
- i40e: Display error message if module does not meet thermal requirements (bsc#1101816).
- i40e: display priority_xon and priority_xoff stats (bsc#1101816).
- i40e: do not clear suspended state until we finish resuming (bsc#1101816).
- i40e: do not enter PHY debug mode while setting LEDs behaviour (bsc#1101816).
- i40e: do not force filter failure in overflow promiscuous (bsc#1101816).
- i40e: do not hold spinlock while resetting VF (bsc#1101816).
- i40e: do not leak memory addresses (bsc#1101816).
- i40e: drop i40e_pf *pf from i40e_vc_disable_vf() (bsc#1101816).
- i40e: Enable VF to negotiate number of allocated queues (bsc#1101816).
- i40e: ensure reset occurs when disabling VF (bsc#1101816).
- i40e: factor out re-enable functions for ATR and SB (bsc#1101816).
- i40e: Fix a potential NULL pointer dereference (bsc#1101816).
- i40e: fix a typo (bsc#1101816).
- i40e: fix a typo in i40e_pf documentation (bsc#1101816).
- i40e: fix clearing link masks in i40e_get_link_ksettings (bsc#1101816).
- i40e: fix comment typo (bsc#1101816).
- i40e: fix flags declaration (bsc#1101816).
- i40e: Fix FLR reset timeout issue (bsc#1101816).
- i40e: Fix for adding multiple ethtool filters on the same location (bsc#1101816).
- i40e: Fix for blinking activity instead of link LEDs (bsc#1101816).
- i40e: fix for flow director counters not wrapping as expected (bsc#1101816).
- i40e: Fix for NUP NVM image downgrade failure (bsc#1101816).
- i40e: fix for wrong partition id calculation on OCP mezz cards (bsc#1101816).
- i40e: fix handling of vf_states variable (bsc#1101816).
- i40e: fix i40e_phy_type_to_ethtool function header (bsc#1101816).
- i40e: fix incorrect register definition (bsc#1101816).
- i40e: Fix kdump failure (bsc#1101816).
- i40e: Fix link down message when interface is brought up (bsc#1101816).
- i40e: fix link reporting (bsc#1101816).
- i40e: fix merge error (bsc#1101816).
- i40e: Fix multiple issues with UDP tunnel offload filter configuration (bsc#1101816).
- i40e: Fix permission check for VF MAC filters (bsc#1101816).
- i40e: fix reading LLDP configuration (bsc#1101816).
- i40e: Fix recalculation of MSI-X vectors for VMDq (bsc#1101816).
- i40e: Fix reporting of supported link modes (bsc#1101816).
- i40e: Fix the polling mechanism of GLGEN_RSTAT.DEVSTATE (bsc#1101816).
- i40e: fix typo in function description (bsc#1101816).
- i40e: Fix unqualified module message while bringing link up (bsc#1101816).
- i40e: fix whitespace issues in i40e_ethtool.c (bsc#1101816).
- i40e: fold prefix strings directly into stat names (bsc#1101816).
- i40e: free skb after clearing lock in ptp_stop (bsc#1101816).
- i40e: free the skb after clearing the bitlock (bsc#1101816).
- i40e: group autoneg PHY types together (bsc#1101816).
- i40e: hold the RTNL lock while changing interrupt schemes (bsc#1101816).
- i40e/i40evf: Add support for new mechanism of updating adaptive ITR (bsc#1101816).
- i40e/i40evf: always set the CLEARPBA flag when re-enabling interrupts (bsc#1101816).
- i40e/i40evf: Bump driver versions (bsc#1101816).
- i40e/i40evf: bundle more descriptors when allocating buffers (bsc#1101816).
- i40e/i40evf: cleanup incorrect function doxygen comments (bsc#1101816).
- i40e/i40evf: Clean up logic for adaptive ITR (bsc#1101816).
- i40e/i40evf: Clean-up of bits related to using q_vector->reg_idx (bsc#1101816).
- i40e/i40evf: Detect and recover hung queue scenario (bsc#1101816).
- i40e/i40evf: Do not bother setting the CLEARPBA bit (bsc#1101816).
- i40e/i40evf: do not trust VF to reset itself (bsc#1101816).
- i40e/i40evf: Enable NVMUpdate to retrieve AdminQ and add preservation flags for NVM update (bsc#1101816).
- i40e/i40evf: fix incorrect default ITR values on driver load (bsc#1101816).
- i40e/i40evf: Only track one ITR setting per ring instead of Tx/Rx (bsc#1101816).
- i40e/i40evf: organize and re-number feature flags (bsc#1101816).
- i40e/i40evf: Record ITR register location in the q_vector (bsc#1101816).
- i40e/i40evf: rename bytes_per_int to bytes_per_usec (bsc#1101816).
- i40e/i40evf: Split container ITR into current_itr and target_itr (bsc#1101816).
- i40e/i40evf: Update DESC_NEEDED value to reflect larger value (bsc#1101816).
- i40e/i40evf: use DECLARE_BITMAP for state (bsc#1101816).
- i40e/i40evf: Use ring pointers to clean up _set_itr_per_queue (bsc#1101816).
- i40e/i40evf: use SW variables for hang detection (bsc#1101816).
- i40e/i40evf: Use usec value instead of reg value for ITR defines (bsc#1101816).
- i40e: ignore skb->xmit_more when deciding to set RS bit (bsc#1101816).
- i40e: implement split PCI error reset handler (bsc#1101816).
- i40e: limit lan queue count in large CPU count machine (bsc#1101816).
- i40e: make const array patterns static, reduces object code size (bsc#1101816).
- i40e: make i40evf_map_rings_to_vectors void (bsc#1101816).
- i40e: make use of i40e_vc_disable_vf (bsc#1101816).
- i40e: mark PM functions as __maybe_unused (bsc#1101816).
- i40e: move AUTO_DISABLED flags into the state field (bsc#1101816).
- i40e: move client flags into state bits (bsc#1101816).
- i40e: move I40E_FLAG_FILTER_SYNC to a state bit (bsc#1101816).
- i40e: move I40E_FLAG_TEMP_LINK_POLLING to state field (bsc#1101816).
- i40e: move I40E_FLAG_UDP_FILTER_SYNC to the state field (bsc#1101816).
- i40e: prevent service task from running while we're suspended (bsc#1101816).
- i40e: Prevent setting link speed on I40E_DEV_ID_25G_B (bsc#1101816).
- i40e: Prevent setting link speed on KX_X722 (bsc#1101816).
- i40e: Properly maintain flow director filters list (bsc#1101816).
- i40e: redfine I40E_PHY_TYPE_MAX (bsc#1101816).
- i40e: reduce lrxqthresh from 2 to 1 (bsc#1101816).
- i40e: re-enable PTP L4 capabilities for XL710 if FW >6.0 (bsc#1101816).
- i40e: refactor FW version checking (bsc#1101816).
- i40e: refactor promisc_changed in i40e_sync_vsi_filters (bsc#1101816).
- i40e: relax warning message in case of version mismatch (bsc#1101816).
- i40e: remove duplicate pfc stats (bsc#1101816).
- i40e: remove i40e_fcoe files (bsc#1101816).
- i40e: remove ifdef SPEED_25000 (bsc#1101816).
- i40e: Remove limit of 64 max queues per channel (bsc#1101816).
- i40e: remove logically dead code (bsc#1101816).
- i40e: remove redundant initialization of read_size (bsc#1101816).
- i40e: rename 'change' variable to 'autoneg_changed' (bsc#1101816).
- i40e: rename 'cmd' variables in ethtool interface (bsc#1101816).
- i40e: re-number feature flags to remove gaps (bsc#1101816).
- i40e: restore promiscuous after reset (bsc#1101816).
- i40e: restore TCPv4 input set when re-enabling ATR (bsc#1101816).
- i40e: Retry AQC GetPhyAbilities to overcome I2CRead hangs (bsc#1101816).
- i40e: shutdown all IRQs and disable MSI-X when suspended (bsc#1101816).
- i40e: simplify member variable accesses (bsc#1101816).
- i40e: split i40e_get_strings() into smaller functions (bsc#1101816).
- i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (bsc#1101816).
- i40e: stop using cmpxchg flow in i40e_set_priv_flags() (bsc#1101816).
- i40e: track filter type statistics when deleting invalid filters (bsc#1101816).
- i40e: track id can be 0 (bsc#1101816).
- i40e: update data pointer directly when copying to the buffer (bsc#1101816).
- i40e: update VFs of link state after GET_VF_RESOURCES (bsc#1101816).
- i40e: use admin queue for setting LEDs behavior (bsc#1101816).
- i40e: use a local variable instead of calculating multiple times (bsc#1101816).
- i40e: use newer generic PM support instead of legacy PM callbacks (bsc#1101816).
- i40e: use separate state bit for miscellaneous IRQ setup (bsc#1101816).
- i40e: use the more traditional 'i' loop variable (bsc#1101816).
- i40e: use WARN_ONCE to replace the commented BUG_ON size check (bsc#1101816).
- i40evf: Allow turning off offloads when the VF has VLAN set (bsc#1101816).
- i40evf: Clean-up flags for promisc mode to avoid high polling rate (bsc#1101816).
- i40evf: Correctly populate rxitr_idx and txitr_idx (bsc#1101816).
- i40evf: Do not clear MSI-X PBA manually (bsc#1101816).
- i40evf: Drop i40evf_fire_sw_int as it is prone to races (bsc#1101816).
- i40evf: enable support for VF VLAN tag stripping control (bsc#1101816).
- i40evf: Enable VF to request an alternate queue allocation (bsc#1101816).
- i40evf: Fix a hardware reset support in VF driver (bsc#1101816).
- i40evf: fix client notify of l2 params (bsc#1101816).
- i40evf: Fix double locking the same resource (bsc#1101816).
- i40evf: Fix link up issue when queues are disabled (bsc#1101816).
- i40evf: fix ring to vector mapping (bsc#1101816).
- i40evf: Fix turning TSO, GSO and GRO on after (bsc#1101816).
- i40evf: hold the critical task bit lock while opening (bsc#1101816).
- i40evf: lower message level (bsc#1101816).
- i40evf: Make VF reset warning message more clear (bsc#1101816).
- i40evf: release bit locks in reverse order (bsc#1101816).
- i40evf: remove flags that are never used (bsc#1101816).
- i40evf: remove flush_scheduled_work call in i40evf_remove (bsc#1101816).
- i40evf: Replace GFP_ATOMIC with GFP_KERNEL in i40evf_add_vlan (bsc#1101816).
- i40evf: Use an iterator of the same type as the list (bsc#1101816).
- i40evf: use __dev_c_sync routines in .set_rx_mode (bsc#1101816).
- i40evf: use GFP_ATOMIC under spin lock (bsc#1101816).
- i40evf: use spinlock to protect (mac|vlan)_filter_list (bsc#1101816).
- i40e/virtchnl: fix application of sizeof to pointer (bsc#1101816).
- i40iw: Fix memory leak in error path of create QP (bsc#1058659).
- i40iw: Refactor of driver generated AEs (bsc#1058659).
- i40iw: Tear-down connection after CQP Modify QP failure (bsc#1058659).
- i40iw: Use correct address in dst_neigh_lookup for IPv6 (bsc#1058659).
- ib/core: Fix error code for invalid GID entry (bsc#1046306).
- ib/core: Honor port_num while resolving GID for IB link layer (bsc#1046306).
- ib/core: Make ib_mad_client_id atomic (bsc#1046306).
- ib/core: Make testing MR flags for writability a static inline function (bsc#1046306).
- ib/core: Remove duplicate declaration of gid_cache_wq (bsc#1046306).
- ib/hfi1: Add bypass register defines and replace blind constants (bsc#1060463).
- ib/hfi1: Fix fault injection init/exit issues (bsc#1060463).
- ib/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values (bsc#1060463).
- ib/hfi1: Fix user context tail allocation for DMA_RTAIL (bsc#1060463).
- ib/hfi1: Return actual error value from program_rcvarray() (bsc#1060463).
- ib/iser: Do not reduce max_sectors (bsc#1046306).
- ib/isert: Fix for lib/dma_debug check_sync warning (bsc#1046306).
- ib/isert: fix T10-pi check mask setting (bsc#1046306).
- ib/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' (bsc#1046302).
- ib/mlx4: Mark user MR as writable if actual virtual memory is writable (bsc#1046302).
- ib/mlx5: Fetch soft WQE's on fatal error state (bsc#1046305).
- ib/mlx5: Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046305).
- ibmvnic: Fix error recovery on login failure (bsc#1101789).
- ib/qedr: Remove GID add/del dummy routines (bsc#1086314 bsc#1086313 bsc#1086301).
- ib/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV (bsc#1046306).
- ib/rxe: avoid double kfree_skb (bsc#1046306).
- ib/rxe: Fix for oops in rxe_register_device on ppc64le arch (bsc#1046306).
- ib/umem: Use the correct mm during ib_umem_release (bsc#1046306).
- ib/uverbs: Fix possible oops with duplicate ioctl attributes (bsc#1046306).
- igb: Fix not adding filter elements to the list (bsc#1056651).
- igb: Fix queue selection on MAC filters on i210 (bsc#1056651).
- iio: accel: st_accel: fix data-ready line configuration (bsc#1051510).
- iio: accel: st_accel_i2c: fix i2c_device_id table (bsc#1051510).
- iio: accel: st_accel_spi: fix spi_device_id table (bsc#1051510).
- iio: adc: sun4i-gpadc-iio: fix unbalanced irq enable/disable (bsc#1051510).
- iio: adc: twl4030: Return an error if we can not enable the vusb3v1 regulator in 'twl4030_madc_probe()' (bsc#1051510).
- iio: BME280: Updates to Humidity readings need ctrl_reg write! (bsc#1051510).
- iio: gyro: st_gyro: fix L3GD20H support (bsc#1051510).
- iio: humidity: hts221: remove warnings in hts221_parse_{temp,rh}_caldata() (bsc#1051510).
- iio: imu: inv_mpu6050: test whoami first and against all known values (bsc#1051510).
- iio: magnetometer: st_magn_core: enable multiread by default for LIS3MDL (bsc#1051510).
- iio: magnetometer: st_magn: fix drdy line configuration for LIS3MDL (bsc#1051510).
- iio: magnetometer: st_magn_spi: fix spi_device_id table (bsc#1051510).
- iio: pressure: bmp280: fix relative humidity unit (bsc#1051510).
- iio: pressure: st_pressure: fix drdy configuration for LPS22HB and LPS25H (bsc#1051510).
- iio: pressure: zpa2326: Remove always-true check which confuses gcc (bsc#1051510).
- iio: pressure: zpa2326: report interrupted case as failure (bsc#1051510).
- iio: trigger: stm32-timer: fix quadrature mode get routine (bsc#1051510).
- iio: trigger: stm32-timer: fix write_raw return value (bsc#1051510).
- iio: tsl2583: correct values in integration_time_available (bsc#1051510).
- infiniband: fix a possible use-after-free bug (bsc#1046306).
- input: elan_i2c - add ACPI ID for lenovo ideapad 330 (bsc#1051510).
- input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST (bsc#1051510).
- input: i8042 - add Lenovo LaVie Z to the i8042 reset list (bsc#1051510).
- iommu/vt-d: Clear Page Request Overflow fault bit ().
- ip6_tunnel: remove magic mtu value 0xFFF8 (networking-stable-18_06_08).
- ipc/shm: fix use-after-free of shm file via remap_file_pages() (bnc#1102512).
- ipmr: properly check rhltable_init() return value (networking-stable-18_06_08).
- ipv4: remove warning in ip_recv_error (networking-stable-18_06_08).
- ipv6: allow PMTU exceptions to local routes (networking-stable-18_06_20).
- ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline (networking-stable-18_06_08).
- iw_cxgb4: Add ib_device->get_netdev support (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- iw_cxgb4: correctly enforce the max reg_mr depth (bsc#1046543).
- iw_cxgb4: initialize ib_mr fields for user mrs (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- iwlwifi: pcie: fix race in Rx buffer allocator (bsc#1051510).
- ixgbe: add counter for times Rx pages gets allocated, not recycled (bsc#1101674).
- ixgbe: add error checks when initializing the PHY (bsc#1101674).
- ixgbe: Add receive length error counter (bsc#1101674).
- ixgbe: add status reg reads to ixgbe_check_remove (bsc#1101674).
- ixgbe: Add support for macvlan offload RSS on X550 and clean-up pool handling (bsc#1101674).
- ixgbe: add support for reporting 5G link speed (bsc#1101674).
- ixgbe: advertise highest capable link speed (bsc#1101674).
- ixgbe: Assume provided MAC filter has been verified by macvlan (bsc#1101674).
- ixgbe: avoid bringing rings up/down as macvlans are added/removed (bsc#1101674).
- ixgbe: Avoid to write the RETA table when unnecessary (bsc#1101674).
- ixgbe: Clear SWFW_SYNC register during init (bsc#1101674).
- ixgbe: declare ixgbe_mac_operations structures as const (bsc#1101674).
- ixgbe: Default to 1 pool always being allocated (bsc#1101674).
- ixgbe: Do not assume dev->num_tc is equal to hardware TC config (bsc#1101674).
- ixgbe: Do not manipulate macvlan Tx queues when performing macvlan offload (bsc#1101674).
- ixgbe: Do not report unsupported timestamping filters for X550 (bsc#1101674).
- ixgbe: Drop l2_accel_priv data pointer from ring struct (bsc#1101674).
- ixgbe: Drop support for macvlan specific unicast lists (bsc#1101674).
- ixgbe: enable multicast on shutdown for WOL (bsc#1101674).
- ixgbe: extend firmware version support (bsc#1101674).
- ixgbe: Fix && vs || typo (bsc#1101674).
- ixgbe: fix crash when injecting AER after failed reset (bsc#1101674).
- ixgbe: fix disabling hide VLAN on VF reset (bsc#1101674).
- ixgbe: Fix handling of macvlan Tx offload (bsc#1101674).
- ixgbe: Fix interaction between SR-IOV and macvlan offload (bsc#1101674).
- ixgbe: Fix kernel-doc format warnings (bsc#1101674).
- ixgbe: Fix limitations on macvlan so we can support up to 63 offloaded devices (bsc#1101674).
- ixgbe: fix possible race in reset subtask (bsc#1101674).
- ixgbe: fix read-modify-write in x550 phy setup (bsc#1101674).
- ixgbe: Fix setting of TC configuration for macvlan case (bsc#1101674).
- ixgbe: fix the FWSM.PT check in ixgbe_mng_present() (bsc#1101674).
- ixgbe/fm10k: Record macvlan stats instead of Rx queue for macvlan offloaded rings (bsc#1101674).
- ixgbe: force VF to grab new MAC on driver reload (bsc#1101674).
- ixgbe: introduce a helper to simplify code (bsc#1101674).
- ixgbe/ixgbevf: Free IRQ when PCI error recovery removes the device (bsc#1101674).
- ixgbe: Perform reinit any time number of VFs change (bsc#1101674).
- ixgbe: Remove an obsolete comment about ITR (bsc#1101674).
- ixgbe: remove redundant initialization of 'pool' (bsc#1101674).
- ixgbe: remove unused enum latency_range (bsc#1101674).
- ixgbe: restore normal RSS after last macvlan offload is removed (bsc#1101674).
- ixgbe: return error on unsupported SFP module when resetting (bsc#1101674).
- ixgbe: split Tx/Rx ring clearing for ethtool loopback test (bsc#1101674).
- ixgbe: There is no need to update num_rx_pools in L2 fwd offload (bsc#1101674).
- ixgbe: Update adaptive ITR algorithm (bsc#1101674).
- ixgbe: use ARRAY_SIZE for array sizing calculation on array buf (bsc#1101674).
- ixgbe: Use ring values to test for Tx pending (bsc#1101674).
- ixgbevf: add build_skb support (bsc#1101674).
- ixgbevf: add counters for Rx page allocations (bsc#1101674).
- ixgbevf: add ethtool private flag for legacy Rx (bsc#1101674).
- ixgbevf: add function for checking if we can reuse page (bsc#1101674).
- ixgbevf: add support for DMA_ATTR_SKIP_CPU_SYNC/WEAK_ORDERING (bsc#1101674).
- ixgbevf: add support for padding packet (bsc#1101674).
- ixgbevf: add support for using order 1 pages to receive large frames (bsc#1101674).
- ixgbevf: allocate the rings as part of q_vector (bsc#1101674).
- ixgbevf: break out Rx buffer page management (bsc#1101674).
- ixgbevf: clear rx_buffer_info in configure instead of clean (bsc#1101674).
- ixgbevf: do not bother clearing tx_buffer_info in ixgbevf_clean_tx_ring() (bsc#1101674).
- ixgbevf: fix ixgbevf_xmit_frame()'s return type (bsc#1101674).
- ixgbevf: Fix kernel-doc format warnings (bsc#1101674).
- ixgbevf: fix MAC address changes through ixgbevf_set_mac() (bsc#1101674).
- ixgbevf: fix possible race in the reset subtask (bsc#1101674).
- ixgbevf: fix unused variable warning (bsc#1101674).
- ixgbevf: improve performance and reduce size of ixgbevf_tx_map() (bsc#1101674).
- ixgbevf: make sure all frames fit minimum size requirements (bsc#1101674).
- ixgbevf: only DMA sync frame length (bsc#1101674).
- ixgbevf: remove redundant initialization of variable 'dma' (bsc#1101674).
- ixgbevf: remove redundant setting of xcast_mode (bsc#1101674).
- ixgbevf: setup queue counts (bsc#1101674).
- ixgbevf: update code to better handle incrementing page count (bsc#1101674).
- ixgbevf: use ARRAY_SIZE for various array sizing calculations (bsc#1101674).
- ixgbevf: use length to determine if descriptor is done (bsc#1101674).
- ixgbevf: use page_address offset from page (bsc#1101674).
- jump_label: Add branch hints to static_branch_{un,}likely() (bnc#1101669 optimise numa balancing for fast migrate).
- kabi cxgb4 MU (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- kcm: Fix use-after-free caused by clonned sockets (networking-stable-18_06_08).
- kernel/params.c: downgrade warning for unsafe parameters (bsc#1051510).
- keys: DNS: fix parsing multiple options (bsc#1051510).
- kvm: PPC: Check if IOMMU page is contained in the pinned physical page (bsc#1077761, git-fixes).
- kvm: x86: fix vcpu initialization with userspace lapic (bsc#1101564).
- kvm: x86: move LAPIC initialization after VMCS creation (bsc#1101564).
- libnvdimm: add an api to cast a 'struct nd_region' to its 'struct device' (bsc#1094119).
- libnvdimm, label: fix index block size calculation (bsc#1102147).
- mailbox: bcm2835: Fix of_xlate return value (bsc#1051510).
- mailbox: PCC: erroneous error message when parsing ACPI PCCT (bsc#1096330).
- mdio-sun4i: Fix a memory leak (bsc#1051510).
- media: coda/imx-vdoa: Check for platform_get_resource() error (bsc#1051510).
- media: cx25840: Use subdev host data for PLL override (bsc#1051510).
- media: cx88: Get rid of spurious call to cx8800_start_vbi_dma() (bsc#1051510).
- media: cxusb: restore RC_MAP for MyGica T230 (bsc#1051510).
- media: dt-bindings: media: rcar_vin: Use status 'okay' (bsc#1051510).
- media: dvb-core: always call invoke_release() in fe_free() (bsc#1051510).
- media: dvb_frontend: fix ifnullfree.cocci warnings (bsc#1051510).
- media: dvb_frontend: only use kref after initialized (bsc#1051510).
- media: dvb_net: ensure that dvb_net_ule_handle is fully initialized (bsc#1051510).
- media: media-device: fix ioctl function types (bsc#1051510).
- media: mxl111sf: Fix potential NULL pointer dereference (bsc#1051510).
- media: omap3isp/isp: remove an unused static var (bsc#1051510).
- media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() (bsc#1051510).
- media: s5p-jpeg: fix number of components macro (bsc#1051510).
- media: s5p-mfc: Fix lock contention - request_firmware() once (bsc#1051510).
- media: saa7164: Fix driver name in debug output (bsc#1051510).
- media: si470x: fix __be16 annotations (bsc#1051510).
- media: siano: get rid of __le32/__le16 cast warnings (bsc#1051510).
- media: staging: omap4iss: Include asm/cacheflush.h after generic includes (bsc#1051510).
- media: tw686x: Fix incorrect vb2_mem_ops GFP flags (bsc#1051510).
- media: vivid: potential integer overflow in vidioc_g_edid() (bsc#1051510).
- mfd: tps65218: Reorder tps65218_regulator_id enum (bsc#1051510).
- mfd: tps65911-comparator: Fix a build error (bsc#1051510).
- mfd: tps65911-comparator: Fix an off by one bug (bsc#1051510).
- mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG (networking-stable-18_06_08).
- mmc: cavium: Fix use-after-free in of_platform_device_destroy (bsc#1051510).
- mmc: dw_mmc: fix card threshold control configuration (bsc#1051510).
- mmc: dw_mmc: update actual clock for mmc debugfs (bsc#1051510).
- mmc: meson-gx: remove CLK_DIVIDER_ALLOW_ZERO clock flag (bsc#1051510).
- mmc: pwrseq: Use kmalloc_array instead of stack VLA (bsc#1051510).
- mmc: sdhci-msm: fix issue with power irq (bsc#1051510).
- mmc: sdhci-of-esdhc: disable SD clock for clock value 0 (bsc#1051510).
- mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bsc#1051510).
- mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bsc#1051510).
- mmc: sdhci-xenon: Fix clock resource by adding an optional bus clock (bsc#1051510).
- mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable (bsc#1051510).
- mmc: tmio: remove outdated comment (bsc#1051510).
- modsign: log module name in the event of an error (bsc#1093666).
- modsign: print module name along with error message (bsc#1093666).
- module: make it clear when we're handling the module copy in info->hdr (bsc#1093666).
- module: setup load info before module_sig_check() (bsc#1093666).
- mvpp2: fix multicast address filter (bsc#1098633).
- mwifiex: correct histogram data with appropriate index (bsc#1051510).
- mwifiex: handle race during mwifiex_usb_disconnect (bsc#1051510).
- net: add rb_to_skb() and other rb tree helpers (bsc#1102340).
- net: cxgb3_main: fix potential Spectre v1 (bsc#1046533).
- net: define the TSO header size in net/tso.h (bsc#1098633).
- netdev-FAQ: clarify DaveM's position for stable backports (networking-stable-18_06_08).
- net: dsa: add error handling for pskb_trim_rcsum (networking-stable-18_06_20).
- net: ethernet: davinci_emac: fix error handling in probe() (networking-stable-18_06_08).
- net: ethernet: ti: cpdma: correct error handling for chan create (networking-stable-18_06_08).
- net: ethtool: Add macro to clear a link mode setting (bsc#1101816).
- net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan (networking-stable-18_06_20).
- net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy (networking-stable-18_06_08).
- net: metrics: add proper netlink validation (networking-stable-18_06_08).
- net/mlx4_core: Fix error handling in mlx4_init_port_info (bsc#1046300).
- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper (bsc#1046300).
- net/mlx4_en: Do not reuse RX page when XDP is set (bsc#1046299).
- net/mlx4: Fix irq-unsafe spinlock usage (networking-stable-18_06_08).
- net/mlx5: Adjust clock overflow work period (bsc#1046303).
- net/mlx5e: Do not allow aRFS for encapsulated packets (bsc#1046303).
- net/mlx5e: Do not attempt to dereference the ppriv struct if not being eswitch manager (bsc#1046300).
- net/mlx5e: Fix quota counting in aRFS expire flow (bsc#1046303).
- net/mlx5e: Refine ets validation function (bsc#1075360).
- net/mlx5e: Remove redundant vport context vlan update (bsc#1046303).
- net/mlx5: Eswitch, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303).
- net/mlx5e: When RXFCS is set, add FCS data into checksum calculation (networking-stable-18_06_08).
- net/mlx5: Fix command interface race in polling mode (bsc#1046300).
- net/mlx5: Fix dump_command mailbox length printed (bsc#1046303).
- net/mlx5: Fix incorrect raw command length parsing (bsc#1046300).
- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster (bsc#1046300).
- net/mlx5: FPGA, Call DMA unmap with the right size (bsc#1046303).
- net/mlx5: Free IRQs in shutdown path (bsc#1046303).
- net/mlx5: IPSec, Fix a race between concurrent sandbox QP commands (bsc#1046303).
- net/mlx5: Properly deal with flow counters when deleting rules (bsc#1046303).
- net/mlx5: Protect from command bit overflow (bsc#1046303).
- net/mlx5: Refactor num of blocks in mailbox calculation (bsc#1046303).
- net/mlx5: Vport, Use 'kvfree()' for memory allocated by 'kvzalloc()' (bsc#1046303).
- net: mvmdio: add xmdio xsmi support (bsc#1098633).
- net: mvmdio: check the MII_ADDR_C45 bit is not set for smi operations (bsc#1098633).
- net: mvmdio: introduce an ops structure (bsc#1098633).
- net: mvmdio: put the poll intervals in the ops structure (bsc#1098633).
- net: mvmdio: remove duplicate locking (bsc#1098633). Refresh patches.suse/net-mvmdio-disable-unprepare-clocks-in-EPROBE_DEFER-.patch.
- net: mvmdio: reorder headers alphabetically (bsc#1098633).
- net: mvmdio: simplify the smi read and write error paths (bsc#1098633).
- net: mvmdio: use GENMASK for masks (bsc#1098633).
- net: mvmdio: use tabs for defines (bsc#1098633).
- net: mvpp2: add comments about smp_processor_id() usage (bsc#1098633).
- net: mvpp2: add ethtool GOP statistics (bsc#1098633).
- net: mvpp2: Add hardware offloading for VLAN filtering (bsc#1098633).
- net: mvpp2: add support for TX interrupts and RX queue distribution modes (bsc#1098633).
- net: mvpp2: Add support for unicast filtering (bsc#1098633).
- net: mvpp2: adjust the coalescing parameters (bsc#1098633).
- net: mvpp2: align values in ethtool get_coalesce (bsc#1098633).
- net: mvpp2: allocate zeroed tx descriptors (bsc#1098633).
- net: mvpp2: check ethtool sets the Tx ring size is to a valid min value (bsc#1098633).
- net: mvpp2: cleanup probed ports in the probe error path (bsc#1098633).
- net: mvpp2: do not call txq_done from the Tx path when Tx irqs are used (bsc#1098633).
- net: mvpp2: do not disable GMAC padding (bsc#1098633).
- net: mvpp2: do not select the internal source clock (bsc#1098633).
- net: mvpp2: do not set GMAC autoneg when using XLG MAC (bsc#1098633).
- net: mvpp2: do not sleep in set_rx_mode (bsc#1098633).
- net: mvpp2: do not unmap TSO headers buffers (bsc#1098633).
- net: mvpp2: Do not use dynamic allocs for local variables (bsc#1098633).
- net: mvpp2: dynamic reconfiguration of the comphy/GoP/MAC (bsc#1098633).
- net: mvpp2: enable ACPI support in the driver (bsc#1098633).
- net: mvpp2: enable basic 10G support (bsc#1098633).
- net: mvpp2: enable UDP/TCP checksum over IPv6 (bsc#1098633).
- net: mvpp2: fallback using h/w and random mac if the dt one isn't valid (bsc#1098633).
- net: mvpp2: Fix clk error path in mvpp2_probe (bsc#1098633).
- net: mvpp2: Fix clock resource by adding an optional bus clock (bsc#1098633).
- net: mvpp2: Fix clock resource by adding missing mg_core_clk (bsc#1098633).
- net: mvpp2: Fix DMA address mask size (bsc#1098633).
- net: mvpp2: fix GOP statistics loop start and stop conditions (bsc#1098633).
- net: mvpp2: fix invalid parameters order when calling the tcam init (bsc#1098633).
- net: mvpp2: fix MVPP21_ISR_RXQ_GROUP_REG definition (bsc#1098633).
- net: mvpp2: Fix parser entry init boundary check (bsc#1098633).
- net: mvpp2: fix parsing fragmentation detection (bsc#1098633).
- net: mvpp2: fix port list indexing (bsc#1098633).
- net: mvpp2: Fix TCAM filter reserved range (bsc#1098633).
- net: mvpp2: fix the packet size configuration for 10G (bsc#1098633).
- net: mvpp2: fix the RSS table entry offset (bsc#1098633).
- net: mvpp2: fix the synchronization module bypass macro name (bsc#1098633).
- net: mvpp2: fix the txq_init error path (bsc#1098633).
- net: mvpp2: fix TSO headers allocation and management (bsc#1098633).
- net: mvpp2: fix typo in the tcam setup (bsc#1098633).
- net: mvpp2: fix use of the random mac address for PPv2.2 (bsc#1098633).
- net: mvpp2: improve the link management function (bsc#1098633).
- net: mvpp2: initialize the comphy (bsc#1098633).
- net: mvpp2: initialize the GMAC when using a port (bsc#1098633).
- net: mvpp2: initialize the GoP (bsc#1098633).
- net: mvpp2: initialize the RSS tables (bsc#1098633).
- net: mvpp2: initialize the Tx FIFO size (bsc#1098633).
- net: mvpp2: initialize the XLG MAC when using a port (bsc#1098633).
- net: mvpp2: introduce per-port nrxqs/ntxqs variables (bsc#1098633).
- net: mvpp2: introduce queue_vector concept (bsc#1098633).
- net: mvpp2: jumbo frames support (bsc#1098633).
- net: mvpp2: limit TSO segments and use stop/wake thresholds (bsc#1098633).
- net: mvpp2: Make mvpp2_prs_hw_read a parser entry init function (bsc#1098633).
- net: mvpp2: make the phy optional (bsc#1098633).
- net: mvpp2: move from cpu-centric naming to 'software thread' naming (bsc#1098633).
- net: mvpp2: move the mac retrieval/copy logic into its own function (bsc#1098633).
- net: mvpp2: move the mii configuration in the ndo_open path (bsc#1098633).
- net: mvpp2: mvpp2_check_hw_buf_num() can be static (bsc#1098633).
- net: mvpp2: only free the TSO header buffers when it was allocated (bsc#1098633).
- net: mvpp2: Prevent userspace from changing TX affinities (bsc#1098633).
- net: mvpp2: remove mvpp2_pool_refill() (bsc#1098633).
- net: mvpp2: remove RX queue group reset code (bsc#1098633).
- net: mvpp2: remove unused mvpp2_bm_cookie_pool_set() function (bsc#1098633).
- net: mvpp2: remove useless goto (bsc#1098633).
- net: mvpp2: report the tx-usec coalescing information to ethtool (bsc#1098633).
- net: mvpp2: set maximum packet size for 10G ports (bsc#1098633).
- net: mvpp2: set the Rx FIFO size depending on the port speeds for PPv2.2 (bsc#1098633).
- net: mvpp2: Simplify MAC filtering function parameters (bsc#1098633).
- net: mvpp2: simplify maintaining enabled ports' list (bsc#1098633).
- net: mvpp2: simplify the link_event function (bsc#1098633).
- net: mvpp2: simplify the Tx desc set DMA logic (bsc#1098633).
- net: mvpp2: software tso support (bsc#1098633).
- net: mvpp2: split the max ring size from the default one (bsc#1098633).
- net: mvpp2: take advantage of the is_rgmii helper (bsc#1098633).
- net: mvpp2: unify register definitions coding style (bsc#1098633).
- net: mvpp2: unify the txq size define use (bsc#1098633).
- net: mvpp2: update the BM buffer free/destroy logic (bsc#1098633).
- net: mvpp2: use a data size of 10kB for Tx FIFO on port 0 (bsc#1098633).
- net: mvpp2: use correct index on array mvpp2_pools (bsc#1098633).
- net: mvpp2: use device_*/fwnode_* APIs instead of of_* (bsc#1098633).
- net: mvpp2: Use relaxed I/O in data path (bsc#1098633).
- net: mvpp2: use the aggr txq size define everywhere (bsc#1098633).
- net: mvpp2: use the GoP interrupt for link status changes (bsc#1098633).
- net: mvpp2: use the same buffer pool for all ports (bsc#1098633).
- net/packet: refine check for priv area size (networking-stable-18_06_08).
- net: phy: add XAUI and 10GBASE-KR PHY connection types (bsc#1098633).
- net: phy: broadcom: Fix auxiliary control register reads (networking-stable-18_06_08).
- net: phy: broadcom: Fix bcm_write_exp() (networking-stable-18_06_08).
- net: phy: dp83822: use BMCR_ANENABLE instead of BMSR_ANEGCAPABLE for DP83620 (networking-stable-18_06_20).
- net: qed: use correct strncpy() size (bsc#1086314 bsc#1086313 bsc#1086301).
- net/sched: act_simple: fix parsing of TCA_DEF_DATA (networking-stable-18_06_20).
- net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used (bsc#1056787).
- net/sched: fix NULL dereference in the error path of tcf_sample_init() (bsc#1056787).
- net: sched: red: avoid hashing NULL child (bsc#1056787).
- net-sysfs: Fix memory leak in XPS configuration (networking-stable-18_06_08).
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP (networking-stable-18_06_08).
- nfc: nfcmrvl_uart: fix device-node leak during probe (bsc#1051510).
- nfc: pn533: Fix wrong GFP flag usage (bsc#1051510).
- nfit, address-range-scrub: add module option to skip initial ars (bsc#1094119).
- nfit, address-range-scrub: determine one platform max_ars value (bsc#1094119).
- nfit, address-range-scrub: fix scrub in-progress reporting (bsc#1051510).
- nfit, address-range-scrub: introduce nfit_spa->ars_state (bsc#1094119).
- nfit, address-range-scrub: rework and simplify ARS state machine (bsc#1094119).
- nfit: fix region registration vs block-data-window ranges (bsc#1051510).
- nfit: fix unchecked dereference in acpi_nfit_ctl (bsc#1051510). - nvme: add ANA support (bsc#1054245). - nvme: add bio remapping tracepoint (bsc#1054245). - nvme: centralize ctrl removal prints (bsc#1054245). - nvme: cleanup double shift issue (bsc#1054245). - nvme: do not enable AEN if not supported (bsc#1077989). - nvme: do not hold nvmf_transports_rwsem for more than transport lookups (bsc#1054245). - nvme: do not rely on the changed namespace list log (bsc#1054245). - nvme: enforce 64bit offset for nvme_get_log_ext fn (bsc#1054245). - nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD (). - nvme: Fix sync controller reset return (bsc#1077989). - nvme: fix use-after-free in nvme_free_ns_head (bsc#1054245). - nvme: guard additional fields in nvme command structures (bsc#1054245). - nvme.h: add AEN configuration symbols (bsc#1054245). - nvme.h: add ANA definitions (bsc#1054245). - nvme.h: add support for the log specific field (bsc#1054245). - nvme.h: add the changed namespace list log (bsc#1054245). - nvme: host: core: fix precedence of ternary operator (bsc#1054245). - nvme.h: untangle AEN notice definitions (bsc#1054245). - nvme: if_ready checks to fail io to deleting controller (bsc#1077989). - nvme: implement log page low/high offset and dwords (bsc#1054245). - nvme: kabi fixes for nvme_ctrl (bsc#1054245). - nvme: kABI fixes for nvmet_ctrl (bsc#1054245). - nvme: kABI fix for ANA support in nvme_ctrl (bsc#1054245). - nvme-loop: add support for multiple ports (bsc#1054245). - nvme: make nvme_get_log_ext non-static (bsc#1054245). - nvme: mark nvme_queue_scan static (bsc#1054245). - nvme/multipath: Disable runtime writable enabling parameter (bsc#1054245). - nvme: partially revert 'nvme: remove nvme_req_needs_failover' (bsc#1054245). - nvme: reintruduce nvme_get_log_ext() (bsc#1054245). - nvme: remove nvme_req_needs_failover (bsc#1054245). - nvme: simplify the API for getting log pages (bsc#1054245). 
- nvme: submit AEN event configuration on startup (bsc#1054245). - nvmet: add AEN configuration support (bsc#1054245). - nvmet: add a new nvmet_zero_sgl helper (bsc#1054245). - nvmet: add minimal ANA support (bsc#1054245). - nvmet: constify struct nvmet_fabrics_ops (bsc#1054245). - nvmet-fc: fix target sgl list on large transfers (). - nvmet: filter newlines from user input (bsc#1054245). - nvmet: fixup crash on NULL device path (bsc#1054245). - nvmet: implement the changed namespaces log (bsc#1054245). - nvmet: kABI fixes for ANA support (bsc#1054245). - nvmet: keep a port pointer in nvmet_ctrl (bsc#1054245). - nvmet: mask pending AENs (bsc#1054245). - nvmet: reset keep alive timer in controller enable (bsc#1054245). - nvmet: return all zeroed buffer when we can't find an active namespace (bsc#1054245). - nvmet: split log page implementation (bsc#1054245). - nvmet: support configuring ANA groups (bsc#1054245). - nvmet: track and limit the number of namespaces per subsystem (1054245). - nvmet: use Retain Async Event bit to clear AEN (bsc#1054245). - nvme: use the changed namespaces list log to clear ns data changed AENs (bsc#1054245). - of: fix DMA mask generation (bsc#1051510). - of: Make of_fwnode_handle() safer (bsc#1098633). - of/pci: Fix theoretical NULL dereference (bsc#1051510). - of: restrict DMA configuration (bsc#1051510). - pci: Account for all bridges on bus when distributing bus numbers (bsc#1100132). - pci: altera: Fix bool initialization in tlp_read_packet() (bsc#1051510). - pci: dwc: Fix enumeration end when reaching root subordinate (bsc#1100132). - pci: endpoint: Fix kernel panic after put_device() (bsc#1051510). - pci: endpoint: Populate func_no before calling pci_epc_add_epf() (bsc#1051510). - pci: exynos: Fix a potential init_clk_resources NULL pointer dereference (bsc#1051510). - pci: faraday: Fix of_irq_get() error check (bsc#1051510). - pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1051510). 
- pci: pciehp: Assume NoCompl+ for Thunderbolt ports (bsc#1051510). - pci: pciehp: Request control of native hotplug only if supported (bsc#1051510). - pci: Prevent sysfs disable of device while driver is attached (bsc#1051510). - pci: shpchp: Fix AMD POGO identification (bsc#1051510). - perf intel-pt: Always set no branch for dummy event (bsc#1087217). - perf intel-pt: Set no_aux_samples for the tracking event (bsc#1087217). - perf/x86: Fix data source decoding for Skylake (). - perf/x86/intel/uncore: Add event constraint for BDX PCU (bsc#1087202). - perf/x86/intel/uncore: Fix missing marker for skx_uncore_cha_extra_regs (bsc#1087233). - perf/x86/intel/uncore: Fix SKX CHA event extra regs (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server CHA LLC_LOOKUP event umask (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake server PCU PMU event format (bsc#1087233). - perf/x86/intel/uncore: Fix Skylake UPI PMU event masks (bsc#1087233). - perf/x86/intel/uncore: Remove invalid Skylake server CHA filter field (bsc#1087233). - phy: add sgmii and 10gkr modes to the phy_mode enum (bsc#1098633). - pinctrl: at91-pio4: add missing of_node_put (bsc#1051510). - pinctrl: bcm2835: Avoid warning from __irq_do_set_handler (bsc#1051510). - pinctrl: imx: fix debug message for SHARE_MUX_CONF_REG case (bsc#1051510). - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1087092). - pinctrl: intel: Read back TX buffer state (bsc#1051510). - pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO I2S pins (bsc#1051510). - pinctrl: meson-gxl: Fix typo in AO SPDIF pins (bsc#1051510). - pinctrl: mvebu: use correct MPP sel value for dev pins (bsc#1051510). - pinctrl: nand: meson-gxbb: fix missing data pins (bsc#1051510). - pinctrl: nsp: Fix potential NULL dereference (bsc#1051510). - pinctrl: nsp: off by ones in nsp_pinmux_enable() (bsc#1100132). 
- pinctrl: pinctrl-single: Fix pcs_request_gpio() when bits_per_mux != 0 (bsc#1051510). - pinctrl: sh-pfc: r8a7790: Add missing TX_ER pin to avb_mii group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix MOD_SEL register pin assignment for SSI pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7795: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix IPSR and MOD_SEL register pin assignment for NDFC pins group (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete A20..A25 pins function definitions (bsc#1051510). - pinctrl: sh-pfc: r8a7796: Fix to delete FSCLKST pin and IPSR7 bit[15:12] register definitions (bsc#1051510). - pinctrl: sunxi: fix V3s pinctrl driver IRQ bank base (bsc#1051510). - pinctrl: sunxi: fix wrong irq_banks number for H5 pinctrl (bsc#1051510). - pinctrl: uniphier: fix members of rmii group for Pro4 (bsc#1051510). - pinctrl: uniphier: fix pin_config_get() for input-enable (bsc#1051510). - pm / core: Fix supplier device runtime PM usage counter imbalance (bsc#1051510). - pm / hibernate: Fix oops at snapshot_write() (bsc#1051510). - pm / hibernate: Use CONFIG_HAVE_SET_MEMORY for include condition (bsc#1051510). - pm / wakeup: Only update last time for active wakeup sources (bsc#1051510). - power: gemini-poweroff: Avoid spurious poweroff (bsc#1051510). - powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently (bnc#1012382). - powerpc/64s: Clear PCR on boot (bnc#1012382). - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() (bsc#1068032, bsc#1075087, bsc#1091041). - powerpc: Add missing prototype for arch_irq_work_raise() (bnc#1012382). - powerpc/eeh: Fix enabling bridge MMIO windows (bnc#1012382). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/mpic: Check if cpu_possible() in mpic_physmask() (bnc#1012382). 
- powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops (bnc#1012382). - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing (bnc#1012382). - powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops (bnc#1012382). - powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - power: supply: act8945a_charger: fix of_irq_get() error check (bsc#1051510). - power: supply: cpcap-charger: add OMAP_USB2 dependency (bsc#1051510). - pwm: meson: Fix allocation of PWM channel array (bsc#1051510). - pwm: meson: Improve PWM calculation precision (bsc#1051510). - pwm: stm32: Enforce dependency on CONFIG_MFD_STM32_TIMERS (bsc#1051510). - pwm: stm32: Remove unused struct device (bsc#1051510). - pwm: tiehrpwm: fix clock imbalance in probe error path (bsc#1051510). - pwm: tiehrpwm: Fix runtime PM imbalance at unbind (bsc#1051510). - qed: Adapter flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add APIs for flash access (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add configuration information to register dump and debug data (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add driver infrastucture for handling mfw requests (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Add MFW interfaces for TLV request support (bsc#1086314 bsc#1086313 bsc#1086301). - qed* : Add new TLV to request PF to update MAC in bulletin board (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Add sanity check for SIMD fastpath handler (bsc#1050536 ). - qed: Add support for multi function mode with 802.1ad tagging (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Add support for processing fcoe tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for processing iscsi tlv request (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Add support for tlv request processing (bsc#1086314 bsc#1086313 bsc#1086301). 
- qed: Add support for Unified Fabric Port (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Advance drivers' version to 8.33.0.20 (bsc#1086314 ). - qed: code indent should use tabs where possible (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Correct Multicast API to reflect existence of 256 approximate buckets (bsc#1050536). - qed: Delete unused parameter p_ptt from mcp APIs (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Do not advertise DCBX_LLD_MANAGED capability (bsc#1050536 ). - qede: Add build_skb() support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Add support for populating ethernet TLVs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Adverstise software timestamp caps when PHC is not available (bsc#1050538). - qede: Do not drop rx-checksum invalidated packets (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Ethtool flash update support (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix barrier usage after tx doorbell write (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Fix ref-cnt usage count (bsc#1086314 bsc#1086313 bsc#1086301). - qede: fix spelling mistake: 'registeration' -> 'registration' (bsc#1086314 bsc#1086313 bsc#1086301 ). - qede: Refactor ethtool rx classification flow (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Support flow classification to the VFs (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Use NETIF_F_GRO_HW (bsc#1086314 bsc#1086313 bsc#1086301). - qede: Validate unsupported configurations (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix copying 2 strings (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix link flap issue due to mismatching EEE capabilities (bsc#1050536). - qed: Fix LL2 race during connection terminate (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix mask for physical address in ILT entry (networking-stable-18_06_08). - qed: Fix possibility of list corruption during rmmod flows (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Fix possible memory leak in Rx error path handling (bsc#1050536). 
- qed: Fix possible race for the link state value (bsc#1050536 ). - qed: Fix potential use-after-free in qed_spq_post() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix PTT entry leak in the selftest error flow (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix reading stale configuration information (bsc#1086314 ). - qed: Fix setting of incorrect eswitch mode (bsc#1050536 ). - qed: Fix shared memory inconsistency between driver and the MFW (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: fix spelling mistake: 'checksumed' -> 'checksummed' (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: fix spelling mistake: 'offloded' -> 'offloaded' (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: fix spelling mistake: 'taskelt' -> 'tasklet' (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect shmem address (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Fix use of incorrect size in memcpy call (bsc#1050536 ). - qed: Free reserved MR tid (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: HSI renaming for different types of HW (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Limit msix vectors in kdump kernel to the minimum required count (bsc#1050536). - qed: LL2 flush isles when connection is closed (bsc#1086314 bsc#1086313 bsc#1086301). - qed: off by one in qed_parse_mcp_trace_buf() (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Populate nvm image attribute shadow (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactoring and rearranging FW API with no functional impact (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Refactor mf_mode to consist of bits (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove reserveration of dpi for kernel (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Remove unused data member 'is_mf_default' (bsc#1086314 bsc#1086313 bsc#1086301). - qedr: Fix spelling mistake: 'hanlde' -> 'handle' (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Support drop action classification (bsc#1086314 bsc#1086313 bsc#1086301). 
- qed*: Support other classification modes (bsc#1086314 bsc#1086313 bsc#1086301). - qed: use kzalloc instead of kmalloc and memset (bsc#1086314 bsc#1086313 bsc#1086301). - qed: Use true and false for boolean values (bsc#1086314 bsc#1086313 bsc#1086301). - qed* : use trust mode to allow VF to override forced MAC (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301 ). - qed*: Utilize FW 8.33.1.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qed*: Utilize FW 8.33.11.0 (bsc#1086314 bsc#1086313 bsc#1086301). - qlogic: check kstrtoul() for errors (bsc#1050540). - qlogic/qed: Constify *pkt_type_str (bsc#1086314 bsc#1086313 bsc#1086301). - qmi_wwan: add support for Quectel EG91 (bsc#1051510). - qmi_wwan: add support for the Dell Wireless 5821e module (bsc#1051510). - qmi_wwan: fix interface number for DW5821e production firmware (bsc#1051510). - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect (bsc#1051510). - r8152: fix tx packets accounting (bsc#1051510). - r8152: napi hangup fix after disconnect (bsc#1051510). - r8169: Be drop monitor friendly (bsc#1051510). - rbd: flush rbd_dev->watch_dwork after watch is unregistered (bsc#1103216). - rdma/cma: Do not query GID during QP state transition to RTR (bsc#1046306). - rdma/cma: Fix use after destroy access to net namespace for IPoIB (bsc#1046306). - rdma/cxgb4: release hw resources on device removal (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/cxgb4: Use structs to describe the uABI instead of opencoding (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - rdma/i40iw: Avoid panic when objects are being created and destroyed (bsc#1058659). - rdma/i40iw: Avoid reference leaks when processing the AEQ (bsc#1058659). - rdma/ipoib: Update paths on CLIENT_REREG/SM_CHANGE events (bsc#1046307). - rdma/iwpm: fix memory leak on map_info (bsc#1046306 ). 
- rdma/mlx4: Discard unknown SQP work requests (bsc#1046302 ). - rdma/mlx5: Do not assume that medium blueFlame register exists (bsc#1046305). - rdma/mlx5: Fix memory leak in mlx5_ib_create_srq() error path (bsc#1046305). - rdma/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bsc#1046305). - rdma/mlx5: Fix NULL dereference while accessing XRC_TGT QPs (bsc#1046305). - rdma/mlx5: Protect from shift operand overflow (bsc#1046305 ). - rdma/mlx5: Use proper spec flow label type (bsc#1046305 ). - rdma/qedr: Annotate iomem pointers correctly (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Declare local functions static (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: eliminate duplicate barriers on weakly-ordered archs (bsc#1086314 bsc#1086313 bsc#1086301 ). - rdma/qedr: Fix doorbell bar mapping for dpi > 1 (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix endian problems around imm_data (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix ipv6 destination address resolution (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP connect with port mapper (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix iWARP write and send with immediate (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Fix kernel panic when running fio over NFSoRDMA (bsc#1086314 bsc#1086313 bsc#1086301 ). - rdma/qedr: Fix wmb usage in qedr (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: lower print level of flushed CQEs (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Remove set-but-not-used variables (bsc#1086314 bsc#1086313 bsc#1086301). - rdma/qedr: Use NULL instead of 0 to represent a pointer (bsc#1086314 bsc#1086313 bsc#1086301 ). - rdma/qedr: Use zeroing memory allocator than allocator/memset (bsc#1086314 bsc#1086313 bsc#1086301 ). - rdma/qedr: Zero stack memory before copying to user space (bsc#1086314 bsc#1086313 bsc#1086301 ). - rdma/ucma: Do not allow setting RDMA_OPTION_IB_PATH without an RDMA device (bsc#1046306). 
- rdma/ucma: ucma_context reference leak in error path (bsc#1046306). - rdma/uverbs: Protect from attempts to create flows on unsupported QP (bsc#1046306). - rdma/uverbs: Use an unambiguous errno for method not supported (bsc#1046306). - regulator: max8998: Fix platform data retrieval (bsc#1051510). - regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops (bsc#1051510). - regulator: qcom_spmi: Include offset when translating voltages (bsc#1051510). - regulator: tps65218: Fix strobe assignment (bsc#1051510). - Revert 'drm/nouveau/drm/therm/fan: add a fallback if no fan control is specified in the vbios' (bsc#1103356). - Revert 'nvme: mark nvme_queue_scan static' (bsc#1054245). - Revert 'nvmet: constify struct nvmet_fabrics_ops' (bsc#1054245). - Revert 'xhci: plat: Register shutdown for xhci_plat' (bsc#1090888). - rpm/kernel-source.spec.in: Add more stuff to Recommends ... and move bc to Recommends as well. All these packages are needed for building a kernel manually from scratch with kernel-source files. - rpm/kernel-source.spec.in: require bc for kernel-source This is needed for building include/generated/timeconst.h from kernel/time/timeconst.bc. - rtc: ac100: Fix ac100 determine rate bug (bsc#1051510). - rtc: pxa: fix probe function (bsc#1051510). - rtlwifi: Fix kernel Oops 'Fw download fail!!' (bsc#1051510). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bsc#1051510). - rtnetlink: validate attributes in do_setlink() (networking-stable-18_06_08). - s390: add assembler macros for CPU alternatives (git-fixes f19fbd5ed6). - s390/cio: clear timer when terminating driver I/O (bsc#1103421). - s390/cio: fix return code after missing interrupt (bsc#1103421). - s390: correct module section names for expoline code revert (git-fixes f19fbd5ed6). - s390: Correct register corruption in critical section cleanup (git-fixes 6dd85fbb87). - s390/crc32-vx: use expoline for indirect branches (git-fixes f19fbd5ed6). 
- s390/dasd: fix handling of internal requests (bsc#1103421). - s390/dasd: fix wrongly assigned configuration data (bsc#1103421). - s390/dasd: prevent prefix I/O error (bsc#1103421). - s390/eadm: fix CONFIG_BLOCK include dependency (bsc#1103421). - s390: extend expoline to BC instructions (git-fixes, bsc#1103421). - s390/ftrace: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/gs: add compat regset for the guarded storage broadcast control block (git-fixes e525f8a6e696). - s390/ipl: ensure loadparm valid flag is set (bsc#1103421). - s390/kernel: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390/lib: use expoline for indirect branches (git-fixes f19fbd5ed6). - s390: move expoline assembler macros to a header (git-fixes f19fbd5ed6). - s390: move spectre sysfs attribute code (bsc#1090098). - s390: optimize memset implementation (git-fixes f19fbd5ed6). - s390/pci: do not require AIS facility (bsc#1103421). - s390/qdio: do not release memory in qdio_setup_irq() (bsc#1103421). - s390/qdio: do not retry EQBS after CCQ 96 (bsc#1102088, LTC#169699). - s390/qeth: fix error handling in adapter command callbacks (bsc#1102088, LTC#169699). - s390/qeth: fix race when setting MAC address (bnc#1093148, LTC#167307). - s390: remove indirect branch from do_softirq_own_stack (git-fixes f19fbd5ed6). - s390: use expoline thunks in the BPF JIT (git-fixes, bsc#1103421). - sched/core: Optimize ttwu_stat() (bnc#1101669 optimise numa balancing for fast migrate). - sched/core: Optimize update_stats_*() (bnc#1101669 optimise numa balancing for fast migrate). - scripts/dtc: fix '%zx' warning (bsc#1051510). - scripts/gdb/linux/tasks.py: fix get_thread_info (bsc#1051510). - scripts/git_sort/git_sort.py: add modules-next tree - scripts/git_sort/git_sort.py: Add 'nvme-4.18' to the list of repositories - scripts/kernel-doc: Do not fail with status != 0 if error encountered with -none (bsc#1051510). - scsi: aacraid: Correct hba_send to include iu_type (bsc#1077989). 
- scsi: core: clean up generated file scsi_devinfo_tbl.c (bsc#1077989). - scsi: cxgb4i: silence overflow warning in t4_uld_rx_handler() (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - scsi: megaraid_sas: Do not log an error if FW successfully initializes (bsc#1077989). - scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1077989). - scsi: qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1077338). - scsi: zfcp: fix infinite iteration on ERP ready list (bsc#1102088, LTC#169699). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bsc#1102088, LTC#169699). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bsc#1102088, LTC#169699). - sctp: not allow transport timeout value less than HZ/5 for hb_timer (networking-stable-18_06_08). - serial: earlycon: Only try fdt when specify 'earlycon' exactly (bsc#1051510). - serial: imx: drop if that always evaluates to true (bsc#1051510). - serial: pxa: Fix out-of-bounds access through serial port index (bsc#1051510). - serial: sh-sci: Update warning message in sci_request_dma_chan() (bsc#1051510). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bsc#1051510). - serial: sirf: Fix out-of-bounds access through DT alias (bsc#1051510). - sfc: stop the TX queue before pushing new buffers (bsc#1058169 ). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1051510). 
- smsc75xx: fix smsc75xx_set_features() (bsc#1051510). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1051510). - soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure (bsc#1051510). - soc: bcm: raspberrypi-power: Fix use of __packed (bsc#1051510). - soc: imx: gpc: de-register power domains only if initialized (bsc#1051510). - soc: imx: gpc: restrict register range for regmap access (bsc#1051510). - soc: imx: gpcv2: correct PGC offset (bsc#1051510). - soc: imx: gpcv2: Do not pass static memory as platform data (bsc#1051510). - soc: imx: gpcv2: fix regulator deferred probe (bsc#1051510). - socket: close race condition between sock_close() and sockfs_setattr() (networking-stable-18_06_20). - soc: mediatek: pwrap: fix compiler errors (bsc#1051510). - soc: qcom: wcnss_ctrl: Fix increment in NV upload (bsc#1051510). - soc: rockchip: power-domain: Fix wrong value when power up pd with writemask (bsc#1051510). - soc/tegra: Fix bad of_node_put() in powergate init (bsc#1051510). - soc/tegra: flowctrl: Fix error handling (bsc#1051510). - soc: ti: ti_sci_pm_domains: Populate name for genpd (bsc#1051510). - soc: zte: Restrict SOC_ZTE to ARCH_ZX or COMPILE_TEST (bsc#1051510). - spi: bcm2835aux: ensure interrupts are enabled for shared handler (bsc#1051510). - spi/bcm63xx-hspi: Enable the clock before calling clk_get_rate() (bsc#1051510). - spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL (bsc#1051510). - spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master (bsc#1051510). - spi: bcm-qspi: fIX some error handling paths (bsc#1051510). - spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() (bsc#1051510). - spi: core: Fix devm_spi_register_master() function name in kerneldoc (bsc#1051510). - spi: pxa2xx: Allow 64-bit DMA (bsc#1051510). - spi: pxa2xx: check clk_prepare_enable() return value (bsc#1051510). - spi: pxa2xx: Do not touch CS pin until we have a transfer pending (bsc#1051510). 
- spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR (bsc#1051510). - staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() (bsc#1051510). - staging: fbtft: array underflow in fbtft_request_gpios_match() (bsc#1051510). - staging: iio: ade7759: fix signed extension bug on shift of a u8 (bsc#1051510). - staging:iio:ade7854: Fix error handling on read/write (bsc#1051510). - staging:iio:ade7854: Fix the wrong number of bits to read (bsc#1051510). - staging: rtl8723bs: add missing range check on id (bsc#1051510). - staging: rtl8723bs: fix u8 less than zero check (bsc#1051510). - staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data() (bsc#1051510). - staging: rts5208: Fix 'seg_no' calculation in reset_ms_card() (bsc#1051510). - staging: sm750fb: Fix parameter mistake in poke32 (bsc#1051510). - tcp: verify the checksum of the first data segment in a new connection (networking-stable-18_06_20). - team: use netdev_features_t instead of u32 (networking-stable-18_06_08). - thermal: bcm2835: fix an error code in probe() (bsc#1051510). - thermal/drivers/hisi: Fix kernel panic on alarm interrupt (bsc#1051510). - thermal/drivers/hisi: Fix missing interrupt enablement (bsc#1051510). - thermal/drivers/hisi: Fix multiple alarm interrupts firing (bsc#1051510). - thermal/drivers/hisi: Simplify the temperature/step computation (bsc#1051510). - thermal: exynos: fix setting rising_threshold for Exynos5433 (bsc#1051510). - thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies (bsc#1051510). - timekeeping: Use proper timekeeper for debug code (bsc#1051510). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bsc#1051510). - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames (bsc#1051510). - tools/lib/lockdep: Define the ARRAY_SIZE() macro (bsc#1051510). - tools/lib/lockdep: Fix undefined symbol prandom_u32 (bsc#1051510). - tools lib traceevent: Fix get_field_str() for dynamic strings (bsc#1051510). 
- tools lib traceevent: Simplify pointer print logic and fix %pF (bsc#1051510). - tools/power turbostat: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1051510). - tools/thermal: tmon: fix for segfault (bsc#1051510). - tools/usbip: fixes build with musl libc toolchain (bsc#1051510). - tty: Fix data race in tty_insert_flip_string_fixed_flag (bsc#1051510). - ubi: fastmap: Correctly handle interrupted erasures in EBA (bsc#1051510). - ubifs: Fix data node size for truncating uncompressed nodes (bsc#1051510). - ubifs: Fix potential integer overflow in allocation (bsc#1051510). - ubifs: Fix uninitialized variable in search_dh_cookie() (bsc#1051510). - ubifs: Fix unlink code wrt. double hash lookups (bsc#1051510). - udp: fix rx queue len reported by diag and proc interface (networking-stable-18_06_20). - Update config files: enable CONFIG_I2C_PXA for arm64 (bsc#1101465) - usb: audio-v2: Correct the comment for struct uac_clock_selector_descriptor (bsc#1051510). - usb: cdc_acm: Add quirk for Castles VEGA3000 (bsc#1051510). - usb: cdc_acm: Add quirk for Uniden UBC125 scanner (bsc#1051510). - usb: cdc_acm: prevent race at write to acm while system resumes (bsc#1087092). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1051510). - usb: do not reset if a low-speed or full-speed device timed out (bsc#1051510). - usb: dwc2: debugfs: Do not touch RX FIFO during register dump (bsc#1051510). - usb: dwc2: Fix DMA alignment to start at allocated boundary (bsc#1051510). - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() (bsc#1051510). - usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub (bsc#1051510). - usb: dwc2: hcd: Fix host channel halt flow (bsc#1051510). - usb: dwc2: host: Fix transaction errors in host mode (bsc#1051510). - usb: dwc2: Improve gadget state disconnection handling (bsc#1085539). - usb: dwc3: Add SoftReset PHY synchonization delay (bsc#1051510). - usb: dwc3: ep0: Reset TRB counter for ep0 IN (bsc#1051510). 
- usb: dwc3: Fix GDBGFIFOSPACE_TYPE values (bsc#1051510). - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bsc#1051510). - usb: dwc3: gadget: Set maxpacket size for ep0 IN (bsc#1051510). - usb: dwc3: Makefile: fix link error on randconfig (bsc#1051510). - usb: dwc3: of-simple: fix use-after-free on remove (bsc#1051510). - usb: dwc3: omap: do not miss events during suspend/resume (bsc#1051510). - usb: dwc3: pci: Properly cleanup resource (bsc#1051510). - usb: dwc3: prevent setting PRTCAP to OTG from debugfs (bsc#1051510). - usb: dwc3: Undo PHY init if soft reset fails (bsc#1051510). - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields (bsc#1051510). - usb: gadget: bdc: 64-bit pointer capability check (bsc#1051510). - usb: gadget: composite: fix incorrect handling of OS desc requests (bsc#1051510). - usb: gadget: core: Fix use-after-free of usb_request (bsc#1051510). - usb: gadget: dummy: fix nonsensical comparisons (bsc#1051510). - usb: gadget: ffs: Execute copy_to_user() with USER_DS set (bsc#1051510). - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() (bsc#1051510). - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS (bsc#1051510). - usb: gadget: f_fs: Only return delayed status when len is 0 (bsc#1051510). - usb: gadget: f_fs: Process all descriptors during bind (bsc#1051510). - usb: gadget: f_fs: Use config_ep_by_speed() (bsc#1051510). - usb/gadget: Fix 'high bandwidth' check in usb_gadget_ep_match_desc() (bsc#1051510). - usb: gadget: f_mass_storage: Fix the logic to iterate all common->luns (bsc#1051510). - usb: gadget: f_midi: fixing a possible double-free in f_midi (bsc#1051510). - usb: gadget: fsl_udc_core: fix ep valid checks (bsc#1051510). - usb: gadget: f_uac2: fix bFirstInterface in composite gadget (bsc#1051510). - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' (bsc#1051510). - usb: gadget: f_uac2: fix error handling in afunc_bind (again) (bsc#1051510). 
- usb: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() (bsc#1051510). - usb: gadget: udc: change comparison to bitshift when dealing with a mask (bsc#1051510). - usb: gadget: udc: core: update usb_ep_queue() documentation (bsc#1051510). - usb: gadget: udc: renesas_usb3: disable the controller's irqs for reconnecting (bsc#1051510). - usb: host: ehci: use correct device pointer for dma ops (bsc#1087092). - usb: host: xhci-plat: revert 'usb: host: xhci-plat: enable clk in resume timing' (bsc#1051510). - usb: hub: Do not wait for connect state at resume for powered-off ports (bsc#1051510). - usb: Increment wakeup count on remote wakeup (bsc#1051510). - usbip: Correct maximum value of CONFIG_USBIP_VHCI_HC_PORTS (bsc#1051510). - usbip: usbip_detach: Fix memory, udev context and udev leak (bsc#1051510). - usbip: usbip_event: fix to not print kernel pointer address (bsc#1051510). - usbip: usbip_host: refine probe and disconnect debug msgs to be useful (bsc#1051510). - usbip: vhci_hcd: Fix usb device and sockfd leaks (bsc#1051510). - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1051510). - usb: ldusb: add PIDs for new CASSY devices supported by this driver (bsc#1051510). - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers (bsc#1051510). - usb: musb: fix enumeration after resume (bsc#1051510). - usb: musb: Fix external abort in musb_remove on omap2430 (bsc#1051510). - usb: musb: fix remote wakeup racing with suspend (bsc#1051510). - usb: musb: gadget: misplaced out of bounds check (bsc#1051510). - usb: musb: host: fix potential NULL pointer dereference (bsc#1051510). - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bsc#1051510). - usb: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM (bsc#1087092). - usb: option: Add support for FS040U modem (bsc#1087092). - usb: quirks: add delay quirks for Corsair Strafe (bsc#1051510). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bsc#1051510). 
- usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bsc#1051510). - usb: serial: cp210x: add CESINEL device ids (bsc#1051510). - usb: serial: cp210x: add ELDAT Easywave RX09 id (bsc#1051510). - usb: serial: cp210x: add ID for NI USB serial console (bsc#1051510). - usb: serial: cp210x: add Silicon Labs IDs for Windows Update (bsc#1051510). - usb: serial: ftdi_sio: add RT Systems VX-8 cable (bsc#1051510). - usb: serial: ftdi_sio: add support for Harman FirmwareHubEmulator (bsc#1051510). - usb: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster (bsc#1051510). - usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132). - usb: serial: mos7840: fix status-register error handling (bsc#1051510). - usb: serial: option: adding support for ublox R410M (bsc#1051510). - usb: serial: option: Add support for Quectel EP06 (bsc#1051510). - usb: serial: option: reimplement interface masking (bsc#1051510). - usb: serial: simple: add libtransistor console (bsc#1051510). - usb: serial: visor: handle potential invalid device configuration (bsc#1051510). - usb-storage: Add compatibility quirk flags for G-Technologies G-Drive (bsc#1051510). - usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver (bsc#1051510). - usb: yurex: fix out-of-bounds uaccess in read handler (bsc#1100132). - vfio/pci: Fix potential Spectre v1 (bsc#1051510). - vfio/spapr: Use IOMMU pageshift rather than pagesize (bsc#1077761, git-fixes). - vhost: synchronize IOTLB message with dev cleanup (networking-stable-18_06_08). - video/omap: add module license tags (bsc#1090888). - video: remove unused kconfig SH_LCD_MIPI_DSI (bsc#1087092). - virtio_balloon: fix another race between migration and ballooning (bsc#1051510). - virtio-net: correctly transmit XDP buff after linearizing (networking-stable-18_06_08). - virtio_net: Disable interrupts if napi_complete_done rescheduled napi (bsc#1051510). 
- virtio-net: fix leaking page for gso packet during mergeable XDP (networking-stable-18_06_08). - virtio-net: fix module unloading (bsc#1051510). - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS (bsc#1051510). - virtio_net: fix XDP code path in receive_small() (bsc#1051510). - vmcore: add API to collect hardware dump in second kernel (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584). - vrf: check the original netdevice for generating redirect (networking-stable-18_06_08). - wlcore: add missing nvs file name info for wilink8 (bsc#1051510). - wlcore: sdio: check for valid platform device data before suspend (bsc#1051510). - x.509: unpack RSA signatureValue field from BIT STRING (bsc#1051510). - x86/efi: Access EFI MMIO data as unencrypted when SEV is active (bsc#1099193). - xen/grant-table: log the lack of grants (bnc#1085042). - xhci: Fix kernel oops in trace_xhci_free_virt_device (bsc#1100132). - xhci: Fix USB3 NULL pointer dereference at logical disconnect (bsc#1090888). - xhci: Fix use-after-free in xhci_free_virt_device (bsc#1100132). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132).
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111590
    published 2018-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111590
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-826)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1466.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
      CVE-2018-5390 (SegmentSmack) Juha-Matti Tilli discovered that a remote attacker can trigger the worst case code paths for TCP stream reassembly with low rates of specially crafted packets, leading to remote denial of service.
      CVE-2018-5391 (FragmentSmack) Juha-Matti Tilli discovered a flaw in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can take advantage of this flaw to trigger time and calculation expensive fragment reassembly algorithms by sending specially crafted packets, leading to remote denial of service. This is mitigated by reducing the default limits on memory usage for incomplete fragmented packets. The same mitigation can be achieved without the need to reboot, by setting the sysctls :
        net.ipv4.ipfrag_high_thresh = 262144
        net.ipv6.ip6frag_high_thresh = 262144
        net.ipv4.ipfrag_low_thresh = 196608
        net.ipv6.ip6frag_low_thresh = 196608
      The default values may still be increased by local configuration if necessary.
      CVE-2018-13405 Jann Horn discovered that the inode_init_owner function in fs/inode.c in the Linux kernel allows local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID.
      For Debian 8 'Jessie', these problems have been fixed in version 4.9.110-3+deb9u2~deb8u1. This update includes fixes for several regressions in the latest point release. The earlier version 4.9.110-3+deb9u1~deb8u1 included all the above fixes except for CVE-2018-5391, which may be mitigated as explained above. We recommend that you upgrade your linux-4.9 packages.
      NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111763
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111763
    title Debian DLA-1466-1 : linux-4.9 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2864-1.NASL
    description This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed : CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which led to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-03
    modified 2018-11-02
    plugin id 117802
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117802
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2864-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2384.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. 
A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es) : These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article : https://access.redhat.com/articles/3527791
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 111703
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111703
    title CentOS 7 : kernel (CESA-2018:2384) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2933.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es) : * Previously, invalid headers in the sk_buff struct led to an indefinite loop in the tcp_collapse() function. As a consequence, the system became unresponsive. This update backports the upstream changes that remove the problematic code in tcp_collapse(). As a result, the system no longer hangs in the described scenario. (BZ#1619630) * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the '__max_smt_threads()' function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625333) * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629632)
    last seen 2018-10-18
    modified 2018-10-17
    plugin id 118165
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118165
    title RHEL 6 : kernel (RHSA-2018:2933)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2924.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. Bug Fix(es) : * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the '__max_smt_threads()' function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625334) * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629633)
    last seen 2018-10-18
    modified 2018-10-17
    plugin id 118163
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118163
    title RHEL 6 : kernel (RHSA-2018:2924)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1322.NASL
    description According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-25
    plugin id 118367
    published 2018-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118367
    title EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1322)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3470-1.NASL
    description This update for the Linux Kernel 4.4.121-92_95 fixes several issues. The following security issues were fixed : CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 118460
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118460
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3470-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3172-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed : CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1110233). CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-18
    modified 2018-10-17
    plugin id 118174
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118174
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3172-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2390.NASL
    description From Red Hat Security Advisory 2018:2390 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). 
As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. 
The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111724
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111724
    title Oracle Linux 6 : kernel (ELSA-2018-2390) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2395.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. 
(CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-862.10.2 source tree, which provides a number of bug fixes over the previous version. (BZ# 1594915)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111736
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111736
    title RHEL 7 : kernel-rt (RHSA-2018:2395) (Foreshadow)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3741-3.NASL
    description USN-3741-1 introduced mitigations in the Linux kernel for Ubuntu 14.04 LTS to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. This update fixes the problems. We apologize for the inconvenience. Original advisory details : It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112017
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112017
    title Ubuntu 14.04 LTS : linux regressions (USN-3741-3) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2645.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112284
    published 2018-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112284
    title RHEL 6 : kernel (RHSA-2018:2645)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2776.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es) : * Previously, making the total buffer size bigger than the memory size for early allocation through the trace_buf_size boot option, made the system become unresponsive at the boot stage. This update introduces a change in the early memory allocation. As a result, the system no longer hangs in the above described scenario. (BZ#1588365) * When inserting objects with the same keys, made the rhlist implementation corrupt the chain pointers. As a consequence, elements were missing on removal and traversal. This patch updates the chain pointers correctly. As a result, there are no missing elements on removal and traversal in the above-described scenario. (BZ#1601008) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported 'Not affected' on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as 'Vulnerable' or 'Mitigation: Kernel entry/exit barrier (TYPE)' where TYPE is one of 'eieio', 'hwsync', 'fallback', or 'unknown'. (BZ#1612352) * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618389)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117780
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117780
    title RHEL 7 : kernel (RHSA-2018:2776)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2790.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es) : * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618386)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117782
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117782
    title RHEL 7 : kernel (RHSA-2018:2790)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4216.NASL
    description Description of changes: [4.1.12-124.19.2.el7uek] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] {CVE-2018-5390} - tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117514
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117514
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4216)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1049.NASL
    description Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus, the attacks cannot be performed using spoofed IP addresses. ( https://www.kb.cert.org/vuls/id/962459 )
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111553
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111553
    title Amazon Linux AMI : kernel (ALAS-2018-1049)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3741-2.NASL
    description USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111752
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111752
    title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3741-2) (Foreshadow)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1278.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) - A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 112237
    published 2018-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112237
    title EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1278)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0256.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - tcp: add tcp_ooo_try_coalesce helper (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: call tcp_drop from tcp_data_queue_ofo (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: detect malicious patterns in tcp_collapse_ofo_queue (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: avoid collapses in tcp_prune_queue if possible (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: free batches of packets in tcp_prune_ofo_queue (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] (CVE-2018-5390) - tcp: refine tcp_prune_ofo_queue to not drop all packets (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: introduce tcp_under_memory_pressure (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390) - tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] (CVE-2018-5390)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117512
    published 2018-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117512
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0256)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-885.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811) - CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846) - CVE-2018-10878: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813) - CVE-2018-10879: A flaw was found in the ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844) - CVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (bnc#1099845) - CVE-2018-10881: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. 
(bnc#1099864) - CVE-2018-10882: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849) - CVE-2018-10883: A flaw was found in the ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. (bnc#1099863) - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081 1089343). - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 1104365). - CVE-2018-5390 aka 'SegmentSmack': The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). The following non-security bugs were fixed : - Add support for 5,25,50, and 100G to 802.3ad bonding driver (bsc#1096978) - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS (bnc#1012382). 
- arm64: do not open code page table entry creation (bsc#1102197). - arm64: kpti: Use early_param for kpti= command-line option (bsc#1102188). - arm64: Make sure permission updates happen for pmd/pud (bsc#1102197). - atm: zatm: Fix potential Spectre v1 (bnc#1012382). - bcm63xx_enet: correct clock usage (bnc#1012382). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (bnc#1012382). - blkcg: simplify statistic accumulation code (bsc#1082979). - block: copy ioprio in __bio_clone_fast() (bsc#1082653). - block/swim: Fix array bounds check (bsc#1082979). - bpf: fix loading of BPF_MAXINSNS sized programs (bsc#1012382). - bpf, x64: fix memleak when not converging after image (bsc#1012382). - btrfs: Do not remove block group still has pinned down bytes (bsc#1086457). - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (bsc#1099858). - cachefiles: Fix refcounting bug in backing-file read monitoring (bsc#1099858). - cachefiles: Wait rather than BUG'ing on 'Unexpected object collision' (bsc#1099858). - cifs: fix bad/NULL ptr dereferencing in SMB2_sess_setup() (bsc#1090123). - compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled (bnc#1012382). - compiler, clang: properly override 'inline' for clang (bnc#1012382). - compiler, clang: suppress warning for unused static inline functions (bnc#1012382). - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (bnc#1012382). - cpu/hotplug: Add sysfs state interface (bsc#1089343). - cpu/hotplug: Provide knobs to control SMT (bsc#1089343). - cpu/hotplug: Split do_cpu_down() (bsc#1089343). - crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak (bnc#1012382). - crypto: crypto4xx - remove bad list_del (bnc#1012382). - dm thin metadata: remove needless work from __commit_transaction (bsc#1082979). - drm/msm: Fix possible null dereference on failure of get_pages() (bsc#1102394). - drm: re-enable error handling (bsc#1103884). 
- esp6: fix memleak on error path in esp6_input (git-fixes). - ext4: check for allocation block validity with block group locked (bsc#1104495). - ext4: do not update s_last_mounted of a frozen fs (bsc#1101841). - ext4: factor out helper ext4_sample_last_mounted() (bsc#1101841). - ext4: fix check to prevent initializing reserved inodes (bsc#1104319). - ext4: fix false negatives *and* false positives in ext4_check_descriptors() (bsc#1103445). - ext4: fix inline data updates with checksums enabled (bsc#1104494). - fscache: Allow cancelled operations to be enqueued (bsc#1099858). - fscache: Fix reference overput in fscache_attach_object() error handling (bsc#1099858). - genirq: Make force irq threading setup more robust (bsc#1082979). - hid: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter (bnc#1012382). - ib/isert: fix T10-pi check mask setting (bsc#1082979). - ibmasm: do not write out of bounds in read handler (bnc#1012382). - ibmvnic: Fix error recovery on login failure (bsc#1101789). - ibmvnic: Remove code to request error information (bsc#1104174). - ibmvnic: Revise RX/TX queue error messages (bsc#1101331). - ibmvnic: Update firmware error reporting with cause string (bsc#1104174). - iw_cxgb4: correctly enforce the max reg_mr depth (bnc#1012382). - kabi protect includes in include/linux/inet.h (bsc#1095643). - kabi protect net/core/utils.c includes (bsc#1095643). - kABI: protect struct loop_device (kabi). - kABI: reintroduce __static_cpu_has_safe (kabi). - Kbuild: fix # escaping in .cmd files for future Make (bnc#1012382). - keys: DNS: fix parsing multiple options (bnc#1012382). - kvm: arm/arm64: Drop resource size check for GICV window (bsc#1102215). - kvm: arm/arm64: Set dist->spis to NULL after kfree (bsc#1102214). - libata: do not try to pass through NCQ commands to non-NCQ devices (bsc#1082979). - loop: add recursion validation to LOOP_CHANGE_FD (bnc#1012382). - loop: remember whether sysfs_create_group() was done (bnc#1012382). 
- mmc: dw_mmc: fix card threshold control configuration (bsc#1102203). - mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing (bsc#1097771). - net: cxgb3_main: fix potential Spectre v1 (bnc#1012382). - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (bnc#1012382). - net: dccp: switch rx_tstamp_last_feedback to monotonic clock (bnc#1012382). - netfilter: ebtables: reject non-bridge targets (bnc#1012382). - netfilter: nf_queue: augment nfqa_cfg_policy (bnc#1012382). - netfilter: x_tables: initialise match/target check parameter struct (bnc#1012382). - net/mlx5: Fix command interface race in polling mode (bnc#1012382). - net/mlx5: Fix incorrect raw command length parsing (bnc#1012382). - net: mvneta: fix the Rx desc DMA address in the Rx path (bsc#1102207). - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL (bnc#1012382). - net: off by one in inet6_pton() (bsc#1095643). - net: phy: marvell: Use strlcpy() for ethtool::get_strings (bsc#1102205). - net_sched: blackhole: tell upper qdisc about dropped packets (bnc#1012382). - net: sungem: fix rx checksum support (bnc#1012382). - net/utils: generic inet_pton_with_scope helper (bsc#1095643). - null_blk: use sector_div instead of do_div (bsc#1082979). - nvme-rdma: Check remotely invalidated rkey matches our expected rkey (bsc#1092001). - nvme-rdma: default MR page size to 4k (bsc#1092001). - nvme-rdma: do not complete requests before a send work request has completed (bsc#1092001). - nvme-rdma: do not suppress send completions (bsc#1092001). - nvme-rdma: Fix command completion race at error recovery (bsc#1090435). - nvme-rdma: make nvme_rdma_[create|destroy]_queue_ib symmetrical (bsc#1092001). - nvme-rdma: use inet_pton_with_scope helper (bsc#1095643). - nvme-rdma: Use mr pool (bsc#1092001). - nvme-rdma: wait for local invalidation before completing a request (bsc#1092001). - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bnc#1012382). 
- pci: ibmphp: Fix use-before-set in get_max_bus_speed() (bsc#1100132). - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (bnc#1012382). - pm / hibernate: Fix oops at snapshot_write() (bnc#1012382). - powerpc/64: Initialise thread_info for emergency stacks (bsc#1094244, bsc#1100930, bsc#1102683). - powerpc/fadump: handle crash memory ranges array index overflow (bsc#1103269). - powerpc/fadump: merge adjacent memory ranges to reduce PT_LOAD segements (bsc#1103269). - qed: Limit msix vectors in kdump kernel to the minimum required count (bnc#1012382). - r8152: napi hangup fix after disconnect (bnc#1012382). - rdma/ocrdma: Fix an error code in ocrdma_alloc_pd() (bsc#1082979). - rdma/ocrdma: Fix error codes in ocrdma_create_srq() (bsc#1082979). - rdma/ucm: Mark UCM interface as BROKEN (bnc#1012382). - rds: avoid unenecessary cong_update in loop transport (bnc#1012382). - Revert 'block-cancel-workqueue-entries-on-blk_mq_freeze_queue' (bsc#1103717) - Revert 'sit: reload iphdr in ipip6_rcv' (bnc#1012382). - Revert 'x86/cpufeature: Move some of the scattered feature bits to x86_capability' (kabi). - Revert 'x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6' (kabi). - rtlwifi: rtl8821ae: fix firmware is not ready to run (bnc#1012382). - s390/qeth: fix error handling in adapter command callbacks (bnc#1103745, LTC#169699). - sched/smt: Update sched_smt_present at runtime (bsc#1089343). - scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1082979). - scsi: sg: fix minor memory leak in error path (bsc#1082979). - scsi: target: fix crash with iscsi target and dvd (bsc#1082979). - smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132). - smsc95xx: Configure pause time to 0xffff when tx flow control enabled (bsc#1085536). - supported.conf: Do not build KMP for openSUSE kernels The merge of kselftest-kmp was overseen, and bad for openSUSE-42.3 - tcp: fix Fast Open key endianness (bnc#1012382). 
- tcp: prevent bogus FRTO undos with non-SACK flows (bnc#1012382). - tools build: fix # escaping in .cmd files for future Make (bnc#1012382). - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() (bnc#1012382). - usb: core: handle hub C_PORT_OVER_CURRENT condition (bsc#1100132). - usb: quirks: add delay quirks for Corsair Strafe (bnc#1012382). - usb: serial: ch341: fix type promotion bug in ch341_control_in() (bnc#1012382). - usb: serial: cp210x: add another USB ID for Qivicon ZigBee stick (bnc#1012382). - usb: serial: keyspan_pda: fix modem-status error handling (bnc#1012382). - usb: serial: mos7840: fix status-register error handling (bnc#1012382). - usb: yurex: fix out-of-bounds uaccess in read handler (bnc#1012382). - vfio: platform: Fix reset module leak in error path (bsc#1102211). - vfs: add the sb_start_intwrite_trylock() helper (bsc#1101841). - vhost_net: validate sock before trying to put its fd (bnc#1012382). - vmw_balloon: fix inflation with batching (bnc#1012382). - x86/alternatives: Add an auxilary section (bnc#1012382). - x86/alternatives: Discard dynamic check after init (bnc#1012382). - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343). - x86/asm: Add _ASM_ARG* constants for argument registers to (bnc#1012382). - x86/boot: Simplify kernel load address alignment check (bnc#1012382). - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343). - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343). - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343). Update config files. - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343). - x86/cpu/common: Provide detect_ht_early() (bsc#1089343). - x86/cpufeature: Add helper macro for mask check macros (bnc#1012382). - x86/cpufeature: Carve out X86_FEATURE_* (bnc#1012382). - x86/cpufeature: Get rid of the non-asm goto variant (bnc#1012382). 
- x86/cpufeature: Make sure DISABLED/REQUIRED macros are updated (bnc#1012382). - x86/cpufeature: Move some of the scattered feature bits to x86_capability (bnc#1012382). - x86/cpufeature: Replace the old static_cpu_has() with safe variant (bnc#1012382). - x86/cpufeature: Speed up cpu_feature_enabled() (bnc#1012382). - x86/cpufeature: Update cpufeaure macros (bnc#1012382). - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343). - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (bnc#1012382). - x86/cpu: Provide a config option to disable static_cpu_has (bnc#1012382). - x86/cpu: Remove the pointless CPU printout (bsc#1089343). - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343). - x86/fpu: Add an XSTATE_OP() macro (bnc#1012382). - x86/fpu: Get rid of xstate_fault() (bnc#1012382). - x86/headers: Do not include asm/processor.h in asm/atomic.h (bnc#1012382). - x86/mm/pkeys: Fix mismerge of protection keys CPUID bits (bnc#1012382). - x86/mm: Simplify p[g4um]d_page() macros (1087081). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343). - x86/smp: Provide topology_is_primary_thread() (bsc#1089343). - x86/topology: Add topology_max_smt_threads() (bsc#1089343). - x86/topology: Provide topology_smt_supported() (bsc#1089343). - x86/vdso: Use static_cpu_has() (bnc#1012382). - xen/grant-table: log the lack of grants (bnc#1085042). - xen-netfront: Fix mismatched rtnl_unlock (bnc#1101658). - xen-netfront: Update features after registering netdev (bnc#1101658). - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bnc#1012382).
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111997
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111997
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3265-1.NASL
    description This update for the Linux Kernel 3.12.61-52_146 fixes several issues. The following security issues were fixed : CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-24
    modified 2018-10-23
    plugin id 118318
    published 2018-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118318
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3265-1)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2018-063.NASL
    description According to the versions of the OVMF / crit / criu / criu-devel / ksm-vz / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation. - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. 
A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. - The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-12
    modified 2018-08-31
    plugin id 112206
    published 2018-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112206
    title Virtuozzo 7 : OVMF / crit / criu / criu-devel / ksm-vz / etc (VZA-2018-063)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2860-1.NASL
    description This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed : CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which led to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-03
    modified 2018-11-02
    plugin id 117801
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117801
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2860-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2328-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5390 aka 'SegmentSmack': Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-14734: drivers/infiniband/core/ucma.c in the Linux kernel allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which led to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111746
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111746
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2328-1) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2948.NASL
    description An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, aarch64) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. 
A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article : https://access.redhat.com/articles/3658021 For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391; Qualys Research Labs for reporting CVE-2018-1120; David Rientjes (Google) for reporting CVE-2018-1000200; and Wen Xu for reporting CVE-2018-1092, CVE-2018-1094, and CVE-2018-1095. The CVE-2018-14619 issue was discovered by Florian Weimer (Red Hat) and Ondrej Mosnacek (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 118513
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118513
    title RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2390.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). 
As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. 
The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111731
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111731
    title RHEL 6 : kernel (RHSA-2018:2390) (Foreshadow)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3741-1.NASL
    description It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111751
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111751
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3741-1) (Foreshadow)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4195.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111725
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111725
    title Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4195) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2344-2.NASL
    description The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). 
CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 118283
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118283
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2785.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. 
Bug Fix(es) : * On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into 'NodeNotReady' state after a CPU softlockup. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. As a result, nodes no longer get into 'NodeNotReady' state under the described circumstances. (BZ#1596281) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported 'Not affected' on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as 'Vulnerable' or 'Mitigation: Kernel entry/exit barrier (TYPE)' where TYPE is one of 'eieio', 'hwsync', 'fallback', or 'unknown'. (BZ# 1612351) * The hypervisors of Red Hat Enterprise Linux 7 virtual machines (VMs) in certain circumstances mishandled the microcode update in the kernel. As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. As a result, kernel hangs no longer occur in the described scenario. (BZ#1618388)
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 117781
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117781
    title RHEL 7 : kernel (RHSA-2018:2785)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2960-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed : CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which led to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-03
    modified 2018-11-02
    plugin id 117866
    published 2018-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117866
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2960-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2344-1.NASL
    description The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5390 aka 'SegmentSmack': The Linux Kernel can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-5391 aka 'FragmentSmack': A flaw in the IP packet reassembly could be used by remote attackers to consume lots of CPU time (bnc#1103097). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 bnc#1103580). - CVE-2018-9385: When printing the 'driver_override' option from with-in the amba driver, a very long line could expose one additional uninitialized byte (bnc#1100491). 
- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924). - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416). - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 1100418). - CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111815
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111815
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-1) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2374-1.NASL
    description The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081). - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343). - CVE-2018-5391: A flaw in the IP packet reassembly could be used by remote attackers to consume CPU time (bnc#1103097). - CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340). - CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 1103580). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111837
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111837
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2390.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). 
As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. 
The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 111704
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111704
    title CentOS 6 : kernel (CESA-2018:2390) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3328-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed : CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bsc#1107832). CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-25
    modified 2018-10-24
    plugin id 118349
    published 2018-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118349
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3328-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1345.NASL
    description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3646) - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.(CVE-2018-5390) - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. 
As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.(CVE-2018-3620) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 118433
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118433
    title EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1345)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3742-1.NASL
    description It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2017-18344) Juha-Matti Tilli discovered that the TCP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packets. A remote attacker could use this to cause a denial of service. (CVE-2018-5390) Juha-Matti Tilli discovered that the IP implementation in the Linux kernel performed algorithmically expensive operations in some situations when handling incoming packet fragments. A remote attacker could use this to cause a denial of service. (CVE-2018-5391). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-02
    modified 2018-11-01
    plugin id 111753
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111753
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-3742-1) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2787-1.NASL
    description This update for the Linux Kernel 3.12.61-52_122 fixes several issues. The following security issues were fixed : CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which led to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-03
    modified 2018-11-02
    plugin id 117663
    published 2018-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117663
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2787-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4189.NASL
    description Description of changes: [4.14.35-1818.0.14.el7uek] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
    last seen 2018-10-13
    modified 2018-10-12
    plugin id 111562
    published 2018-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111562
    title Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4189)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2384.NASL
    description