Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4242) (Foreshadow)

High Nessus Plugin ID 118053

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1818.3.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context (H&aring kon Bugge) [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664499] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664576] {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is disabled (Tung Nguyen) [Orabug: 28677854]

[4.14.35-1818.3.2.el7uek]
- hwmon: (k10temp) Display both Tctl and Tdie (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Use API function to access System Management Network (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Fix reading critical temperature register (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for temperature offsets (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for family 17h (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Move chip specific code into probe function (Guenter Roeck) [Orabug: 28143470]
- net/rds: make the source code clean (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to read connection GIDs (Parav Pandit) [Orabug: 28607913]
- posix-timers: Sanitize overrun handling (Thomas Gleixner) [Orabug: 28642970] {CVE-2018-12896}
- crypto: ccp - Add support for new CCP/PSP device ID (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Support register differences between PSP devices (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Remove unused #defines (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Add psp enabled message when initialization succeeds (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Fix command completion detection race (Tom Lendacky) [Orabug: 28584386]
- iommu/amd: Add support for IOMMU XT mode (Suravee Suthikulpanit) [Orabug: 28584386]
- iommu/amd: Add support for higher 64-bit IOMMU Control Register (Suravee Suthikulpanit) [Orabug: 28584386]
- x86: irq_remapping: Move irq remapping mode enum (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Fix LLC ID bit-shift calculation (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Calculate last level cache ID from number of sharing threads (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c (Borislav Petkov) [Orabug: 28584386]
- perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (Borislav Petkov) [Orabug: 28584386]

[4.14.35-1818.3.1.el7uek]
- arm64: vdso: fix clock_getres for 4GiB-aligned res (Mark Rutland) [Orabug: 28603375]
- locking/qrwlock: Prevent slowpath writers getting held up by fastpath (Will Deacon) [Orabug: 28605196]
- locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks (Will Deacon) [Orabug: 28605196]
- locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock (Will Deacon) [Orabug: 28605196]
- locking/atomic: Add atomic_cond_read_acquire() (Will Deacon) [Orabug: 28605196]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (H&aring kon Bugge) [Orabug: 28565429] {CVE-2018-7492}
- irqchip/irq-bcm2836: Add support for DT interrupt polarity (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm2836-l1-intc: Add interrupt polarity support (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm283x: Define polarity of per-cpu interrupts (Stefan Wahren) [Orabug: 28596168]
- x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use (Patrick Colp) [Orabug: 28610695]

[4.14.35-1818.2.2.el7uek]
- x86/xen: Calculate __max_logical_packages on PV domains (Prarit Bhargava) [Orabug: 28476586]
- x86/entry/64: Remove %ebx handling from error_entry/exit (Andy Lutomirski) [Orabug: 28402921] {CVE-2018-14678}
- x86/pti: Don't report XenPV as vulnerable (Jiri Kosina) [Orabug: 28476680]
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488807] {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488807] {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488807] {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488807] {CVE-2018-3620}
- PCI: Add ACS quirk for Ampere root ports (Feng Kan) [Orabug: 28525940]
- xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug: 28573020]
- uek-rpm: Disable F2FS in the UEK5 config (Victor Erminpour) [Orabug: 28577123]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-October/008126.html

Plugin Details

Severity: High

ID: 118053

File Name: oraclelinux_ELSA-2018-4242.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2018/10/11

Updated: 2019/09/27

Dependencies: 122878, 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2018/10/10

Vulnerability Publication Date: 2017/08/25

Reference Information

CVE: CVE-2017-13695, CVE-2018-12896, CVE-2018-14678, CVE-2018-16658, CVE-2018-3620, CVE-2018-3646, CVE-2018-7492