Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)

High Nessus Plugin ID 122141

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1844.2.5.el7uek]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]

[4.14.35-1844.2.4.el7uek]
- x86/platform/UV: Add check of TSC state set by UV BIOS (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Provide a means to disable TSC ART (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Drastically reduce the number of firmware bug warnings (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Skip TSC test and error messages if already unstable (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Add option that TSC on Socket 0 being non-zero is valid (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 29248376]

[4.14.35-1844.2.3.el7uek]
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 28983233] - proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114876] {CVE-2018-17972}
- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 29200902] - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211613] - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29237355] - xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29237430] - xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29237430] - xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29237430] - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29248238] - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (Eduardo Habkost) [Orabug: 29254549] - alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269148] {CVE-2018-13053}

[4.14.35-1844.2.2.el7uek]
- genirq/affinity: Don't return with empty affinity masks on error (Thomas Gleixner) [Orabug: 29209330] - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29201434] - uek-rpm: Update x86_64 config options (Victor Erminpour) [Orabug: 29129556] - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004501] - nvme-pci: fix memory leak on probe failure (Keith Busch) [Orabug: 29214245] - nvme-pci: limit max IO size and segments to avoid high order allocations (Jens Axboe) [Orabug: 29214245]
- arm64, dtrace: add non-virtual clocksources to fbt blacklist (Nick Alcock) [Orabug: 29220926] - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 29222874] - x86/speculation: simplify IBRS firmware control (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: use jump label instead of alternative to control IBRS firmware (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: fix and simplify IBPB control (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: use jump label instead of alternative to control IBPB (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: move ANNOTATE_* macros to a new header file (Alexandre Chartre) [Orabug: 29225114] - be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29228473] - be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 29228473] - be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 29228473] - x86/platform/UV: Fix GAM MMR references in the UV x2apic code (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Fix GAM MMR changes in UV4A (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Add references to access fixed UV4A HUB MMRs (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Fix UV4A support on new Intel Processors (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (Mike Travis) [Orabug: 29205471]

[4.14.35-1844.2.1.el7uek]
- rds: Incorrect rds-info send and retransmission message output (Ka-Cheong Poon) [Orabug: 29024033] - mlx4_core: Disable P_Key Violation Traps (H&aring kon Bugge) [Orabug: 28861014] - rds: ib: Use a delay when reconnecting to the very same IP address (H&aring kon Bugge) [Orabug: 29161391] - KVM: Fix UAF in nested posted interrupt processing (Cfir Cohen) [Orabug: 29172125] {CVE-2018-16882}
- x86/alternative: check int3 breakpoint physical addresses (Alexandre Chartre) [Orabug: 29178334] - Change mincore() to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187408] {CVE-2019-5489}
- net/rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 29180514]

[4.14.35-1844.2.0.el7uek]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- ocfs2: don't clear bh uptodate for block read (Junxiao Bi) [Orabug: 29159655] - ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 29154599] - ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 29154599]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-February/008486.html

Plugin Details

Severity: High

ID: 122141

File Name: oraclelinux_ELSA-2019-4541.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2019/02/13

Updated: 2020/07/17

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/02/12

Vulnerability Publication Date: 2018/07/02

Reference Information

CVE: CVE-2018-13053, CVE-2018-16882, CVE-2018-17972, CVE-2018-18397, CVE-2019-5489

IAVA: 2020-A-0325