Oracle Linux 7 : kernel (ELSA-2014-0786)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2014:0786 :

Updated kernel packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes. A
local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-3153, Important)

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* Use-after-free and information leak flaws were found in the way the
Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A
local user with write access to /dev/fdX could use these flaws to
escalate their privileges on the system. (CVE-2014-1737,
CVE-2014-1738, Important)

* It was found that the aio_read_events_ring() function of the Linux
kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize
the AIO ring head received from user space. A local, unprivileged user
could use this flaw to disclose random parts of the (physical) memory
belonging to the kernel and/or other processes. (CVE-2014-0206,
Moderate)

* An out-of-bounds memory access flaw was found in the Netlink
Attribute extension of the Berkeley Packet Filter (BPF) interpreter
functionality in the Linux kernel's networking implementation. A
local, unprivileged user could use this flaw to crash the system or
leak kernel memory to user space via a specially crafted socket
filter. (CVE-2014-3144, CVE-2014-3145, Moderate)

* An information leak flaw was found in the way the skb_zerocopy()
function copied socket buffers (skb) that are backed by user-space
buffers (for example vhost-net and Xen netback), potentially allowing
an attacker to read data from those buffers. (CVE-2014-2568, Low)

Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter
of CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz
Guzik of Red Hat.

This update also fixes the following bugs :

* Due to incorrect calculation of Tx statistics in the qlcninc driver,
running the 'ethtool -S ethX' command could trigger memory corruption.
As a consequence, running the sosreport tool, that uses this command,
resulted in a kernel panic. The problem has been fixed by correcting
the said statistics calculation. (BZ#1104972)

* When an attempt to create a file on the GFS2 file system failed due
to a file system quota violation, the relevant VFS inode was not
completely uninitialized. This could result in a list corruption
error. This update resolves this problem by correctly uninitializing
the VFS inode in this situation. (BZ#1097407)

* Due to a race condition in the kernel, the getcwd() system call
could return '/' instead of the correct full path name when querying a
path name of a file or directory. Paths returned in the '/proc' file
system could also be incorrect. This problem was causing instability
of various applications. The aforementioned race condition has been
fixed and getcwd() now always returns the correct paths. (BZ#1099048)

In addition, this update adds the following enhancements :

* The kernel mutex code has been improved. The changes include
improved queuing of the MCS spin locks, the MCS code optimization,
introduction of the cancellable MCS spin locks, and improved handling
of mutexes without wait locks. (BZ#1103631, BZ#1103629)

* The handling of the Virtual Memory Area (VMA) cache and huge page
faults has been improved. (BZ#1103630)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take
effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2014-July/004282.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now