Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)

High Nessus Plugin ID 122141

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.3

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1844.2.5.el7uek]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]

[4.14.35-1844.2.4.el7uek]
- x86/platform/UV: Add check of TSC state set by UV BIOS (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Provide a means to disable TSC ART (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Drastically reduce the number of firmware bug warnings (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Skip TSC test and error messages if already unstable (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - x86/tsc: Add option that TSC on Socket 0 being non-zero is valid (<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>mike.travis at hpe.com</A>) [Orabug: 29205471] - scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 29248376]

[4.14.35-1844.2.3.el7uek]
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 28983233] - proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114876] {CVE-2018-17972}
- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 29200902] - x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211613] - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29237355] - xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29237430] - xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29237430] - xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29237430] - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29248238] - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (Eduardo Habkost) [Orabug: 29254549] - alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269148] {CVE-2018-13053}

[4.14.35-1844.2.2.el7uek]
- genirq/affinity: Don't return with empty affinity masks on error (Thomas Gleixner) [Orabug: 29209330] - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29201434] - uek-rpm: Update x86_64 config options (Victor Erminpour) [Orabug: 29129556] - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004501] - nvme-pci: fix memory leak on probe failure (Keith Busch) [Orabug: 29214245] - nvme-pci: limit max IO size and segments to avoid high order allocations (Jens Axboe) [Orabug: 29214245]
- arm64, dtrace: add non-virtual clocksources to fbt blacklist (Nick Alcock) [Orabug: 29220926] - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 29222874] - x86/speculation: simplify IBRS firmware control (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: use jump label instead of alternative to control IBRS firmware (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: fix and simplify IBPB control (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: use jump label instead of alternative to control IBPB (Alexandre Chartre) [Orabug: 29225114] - x86/speculation: move ANNOTATE_* macros to a new header file (Alexandre Chartre) [Orabug: 29225114] - be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29228473] - be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 29228473] - be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 29228473] - x86/platform/UV: Fix GAM MMR references in the UV x2apic code (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Fix GAM MMR changes in UV4A (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Add references to access fixed UV4A HUB MMRs (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Fix UV4A support on new Intel Processors (Mike Travis) [Orabug: 29205471] - x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (Mike Travis) [Orabug: 29205471]

[4.14.35-1844.2.1.el7uek]
- rds: Incorrect rds-info send and retransmission message output (Ka-Cheong Poon) [Orabug: 29024033] - mlx4_core: Disable P_Key Violation Traps (H&aring kon Bugge) [Orabug: 28861014] - rds: ib: Use a delay when reconnecting to the very same IP address (H&aring kon Bugge) [Orabug: 29161391] - KVM: Fix UAF in nested posted interrupt processing (Cfir Cohen) [Orabug: 29172125] {CVE-2018-16882}
- x86/alternative: check int3 breakpoint physical addresses (Alexandre Chartre) [Orabug: 29178334] - Change mincore() to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187408] {CVE-2019-5489}
- net/rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 29180514]

[4.14.35-1844.2.0.el7uek]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- ocfs2: don't clear bh uptodate for block read (Junxiao Bi) [Orabug: 29159655] - ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 29154599] - ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 29154599]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-February/008486.html

Plugin Details

Severity: High

ID: 122141

File Name: oraclelinux_ELSA-2019-4541.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2019/02/13

Updated: 2020/07/17

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

VPR Score: 7.3

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/02/12

Vulnerability Publication Date: 2018/07/02

Reference Information

CVE: CVE-2018-13053, CVE-2018-16882, CVE-2018-17972, CVE-2018-18397, CVE-2019-5489

IAVA: 2020-A-0325