Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4025) (Meltdown)

High Nessus Plugin ID 106670

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.1


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850]
- hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 26988581]
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27416198]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27418896]
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk)
- x86/spec: Don't print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk)
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27449065]
- xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva)
- net/rds: Fix incorrect error handling (H&aring kon Bugge) [Orabug: 26848729]
- net/rds: use multiple sge than buddy allocation in congestion code (Wei Lin Guay) [Orabug: 26848729]
- Revert 'RDS: fix the sg allocation based on actual message size' (Wei Lin Guay) [Orabug: 26848729]
- Revert 'RDS: avoid large pages for sg allocation for TCP transport' (Wei Lin Guay) [Orabug: 26848729]
- Revert 'net/rds: Reduce memory footprint in rds_sendmsg' (Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during ib_post_recv in IB transport (Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during rds_sendmsg with IB transport (Wei Lin Guay) [Orabug: 26848729]
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin Guay) [Orabug: 26848729]
- bnxt_en: Fix possible corrupted NVRAM parameters from firmware response. (Michael Chan) [Orabug: 27199588]
- x86, kasan: Fix build failure on KASAN=y KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: Fix build failure on !KASAN KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey Ryabinin) [Orabug: 27255122]
- Revert 'Makefile: Build with -Werror=date-time if the compiler supports it' (Gayatri Vasudevan) [Orabug: 27255122]
- dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290300] {CVE-2017-8824}
- x86/efi: Initialize and display UEFI secure boot state a bit later during init (Daniel Kiper) [Orabug: 27309477]
- x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug: 27344552]
- x86/espfix: Add 'cpu' parameter to init_espfix_ap() (Zhu Guihua) [Orabug: 27344552]
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344841] {CVE-2017-0861} {CVE-2017-0861}
- fs/ocfs2: remove page cache for converted direct write (Wengang Wang)
- Revert 'ocfs2: code clean up for direct io' (Wengang Wang)
- assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364592] {CVE-2017-12193} {CVE-2017-12193}
- Sanitize 'move_pages()' permission checks (Linus Torvalds) [Orabug: 27364690] {CVE-2017-14140}
- pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug: 27383147] {CVE-2017-5754}
- sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386999] {CVE-2017-15115}
- net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390682] {CVE-2017-17712}
- mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27404202]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) [Orabug: 27449045]


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: High

ID: 106670

File Name: oraclelinux_ELSA-2018-4025.nasl

Version: 3.11

Type: local

Agent: unix

Published: 2018/02/08

Updated: 2019/09/27

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

VPR Score: 8.1

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/02/07

Vulnerability Publication Date: 2017/09/05

Reference Information

CVE: CVE-2017-0861, CVE-2017-12193, CVE-2017-14140, CVE-2017-15115, CVE-2017-17712, CVE-2017-5754, CVE-2017-8824

IAVA: 2018-A-0019