Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4088) (Spectre)

High Nessus Plugin ID 109524

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[2.6.39-400.298.6.el6uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199}

[2.6.39-400.298.5.el6uek]
- xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615]
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579]

[2.6.39-400.298.4.el6uek]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527}
- uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533}
- cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bj&oslash rn Mork) [Orabug: 27215206] {CVE-2017-16649}
- Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861}
- Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441]
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715}
- x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848]
- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773]
- x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044]
- x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909]
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715}
- x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441]
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441]
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958]
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954]
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923]
- x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083]
- x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-May/007657.html

Plugin Details

Severity: High

ID: 109524

File Name: oraclelinux_ELSA-2018-4088.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2018/05/02

Updated: 2019/09/27

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/05/01

Vulnerability Publication Date: 2017/11/04

Reference Information

CVE: CVE-2017-0861, CVE-2017-15868, CVE-2017-16526, CVE-2017-16527, CVE-2017-16533, CVE-2017-16536, CVE-2017-16649, CVE-2017-5715, CVE-2018-100199

IAVA: 2018-A-0020