Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4509)

Medium Nessus Plugin ID 121201

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1844.1.3.el7uek]
- net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) [Orabug: 29003422] - nfs: don't dirty kernel pages read by direct-io (Dave Kleikamp) [Orabug: 29122062] - KVM: X86: Fix scan ioapic use-before-initialization (Wanpeng Li) [Orabug: 29026132] {CVE-2018-19407}
- hugetlb: take PMD sharing into account when flushing tlb/caches (Mike Kravetz) [Orabug: 28951436] - mm: migration: fix migration of huge PMD shared pages (Mike Kravetz) [Orabug: 28951436] - mm/mmu_notifier: avoid double notification when it is useless (J&eacute r&ocirc me Glisse) [Orabug: 28951436]

[4.14.35-1844.1.2.el7uek]
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng) [Orabug: 29042979] {CVE-2018-19824}
- arm64/kernel: kaslr: reduce module randomization range to 4 GB (Ard Biesheuvel) [Orabug: 28954789] - xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28997653] {CVE-2018-10322}
- xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong) [Orabug: 28997653] {CVE-2018-10322}
- Revert 'xfs: move inode fork verifiers to xfs_dinode_verify' (Shan Hai) [Orabug: 28997653] - Revert 'xfs: enhance dinode verifier' (Shan Hai) [Orabug: 28997653]

[4.14.35-1844.1.1.el7uek]
- arm64: disable /dev/port on 64 bit ARM (Eric Saint-Etienne) [Orabug: 28961247] - crypto: ccp - add timeout support in the SEV command (Brijesh Singh) [Orabug: 29029018] - crypto: ccp - Add GET_ID SEV command (Janakarajan Natarajan) [Orabug: 29029018] - crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command (Janakarajan Natarajan) [Orabug: 29029018]
- net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 27677743] {CVE-2018-8043}
- vti6: remove !skb->ignore_df check from vti6_xmit() (Alexey Kodanev) [Orabug: 28940590] - A/A failback does not work in concert with ibacm (H&aring kon Bugge) [Orabug: 28972800] - ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) [Orabug: 29019053]

[4.14.35-1844.1.0.el7uek]
- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951264] {CVE-2018-5848}
- [PATCH UEK5 u1 v3] dtrace: add DTRACEACT_PCAP for packet capture for later pcap_dump() (Alan Maguire) [Orabug: 28951771] - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) {CVE-2018-7755} {CVE-2018-7755}
- [PATCH UEK5 u1 v2] dtrace: fix ip provider inconsistencies between IPv4/IPv6 (Alan Maguire) [Orabug: 28956807] - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28992002] - x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28992002] - x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28992002] - Add forward declaration of tlb_flush, required for asm-generic. (Jack Vogel) [Orabug: 28866513] - x86/mm: Page size aware flush_tlb_mm_range() (Peter Zijlstra) [Orabug: 28866513] - mm/memory: Move mmu_gather and TLB invalidation code into its own file (Peter Zijlstra) [Orabug: 28866513]
- asm-generic/tlb: Track which levels of the page tables have been cleared (Will Deacon) [Orabug: 28866513] - asm-generic/tlb: Track freeing of page-table directories in struct mmu_gather (Peter Zijlstra) [Orabug: 28866513] - mm: mmu_notifier fix for tlb_end_vma (Nicholas Piggin) [Orabug: 28866513] - mm: update comment describing tlb_gather_mmu (Mike Rapoport) [Orabug: 28866513]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-January/008369.html

Plugin Details

Severity: Medium

ID: 121201

File Name: oraclelinux_ELSA-2019-4509.nasl

Version: 1.8

Type: local

Agent: unix

Published: 2019/01/16

Updated: 2020/02/24

Dependencies: 122878, 12634

Risk Information

Risk Factor: Medium

VPR Score: 6.7

CVSS Score Source: CVE-2018-5848

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/01/15

Vulnerability Publication Date: 2018/03/08

Reference Information

CVE: CVE-2018-10322, CVE-2018-19407, CVE-2018-19824, CVE-2018-5848, CVE-2018-7755, CVE-2018-8043