Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4004) (Spectre)

Medium Nessus Plugin ID 105759

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.1.12-112.14.5.el7uek]
- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825]

[4.1.12-112.14.4.el7uek]
- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}

[4.1.12-112.14.3.el7uek]
- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715}
- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715}
- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}
- Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-January/007451.html

https://oss.oracle.com/pipermail/el-errata/2018-January/007452.html

Plugin Details

Severity: Medium

ID: 105759

File Name: oraclelinux_ELSA-2018-4004.nasl

Version: 3.8

Type: local

Agent: unix

Published: 2018/01/12

Modified: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/01/11

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753

IAVA: 2018-A-0020