Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4088) (Spectre)

High Nessus Plugin ID 109524

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.6

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[2.6.39-400.298.6.el6uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199}

[2.6.39-400.298.5.el6uek]
- xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615]
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579]

[2.6.39-400.298.4.el6uek]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527}
- uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533}
- cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bj&oslash rn Mork) [Orabug: 27215206] {CVE-2017-16649}
- Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861}
- Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441]
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715}
- x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848]
- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773]
- x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044]
- x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909]
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715}
- x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441]
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441]
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958]
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954]
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923]
- x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083]
- x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-May/007657.html

Plugin Details

Severity: High

ID: 109524

File Name: oraclelinux_ELSA-2018-4088.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2018/05/02

Updated: 2019/09/27

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

VPR Score: 7.6

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/05/01

Vulnerability Publication Date: 2017/11/04

Reference Information

CVE: CVE-2017-0861, CVE-2017-15868, CVE-2017-16526, CVE-2017-16527, CVE-2017-16533, CVE-2017-16536, CVE-2017-16649, CVE-2017-5715, CVE-2018-100199

IAVA: 2018-A-0020