Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4126) (Spectre)

Medium Nessus Plugin ID 110404

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.1.12-124.15.4.el7uek]
- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)
- fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372]
- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]
- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]
- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639}
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639}
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}

[4.1.12-124.15.3.el7uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199}
- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-June/007773.html

https://oss.oracle.com/pipermail/el-errata/2018-June/007774.html

Plugin Details

Severity: Medium

ID: 110404

File Name: oraclelinux_ELSA-2018-4126.nasl

Version: 1.9

Type: local

Agent: unix

Published: 2018/06/08

Updated: 2019/09/27

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/06/07

Vulnerability Publication Date: 2018/05/22

Reference Information

CVE: CVE-2018-1000199, CVE-2018-3639