Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423)

Medium Nessus Plugin ID 124290

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es) :

- Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

- Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

Bug Fix(es) :

- rbd: avoid corruption on partially completed bios [rhel-7.6.z]

- xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z]

- Offload Connections always get vlan priority 0 [rhel-7.6.z]

- [NOKIA] SL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z]

- SL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z]

- [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z]

- [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z]

- RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to SL6' patch [rhel-7.6.z]

- [Hyper-V] [SL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z]

- rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z]

- ACPI WDAT watchdog update [rhel-7.6.z]

- high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z]

- Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z]

- [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z]

- [SL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z]

- The number of unsolict report about IGMP is incorrect [rhel-7.6.z]

- RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z]

- mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z]

- rwsem in inconsistent state leading system to hung [rhel-7.6.z]

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?7cab843a

Plugin Details

Severity: Medium

ID: 124290

File Name: sl_20190423_kernel_on_SL7_x.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/04/25

Updated: 2020/02/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:bpftool, p-cpe:/a:fermilab:scientific_linux:kernel, p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists, p-cpe:/a:fermilab:scientific_linux:kernel-debug, p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64, p-cpe:/a:fermilab:scientific_linux:kernel-devel, p-cpe:/a:fermilab:scientific_linux:kernel-doc, p-cpe:/a:fermilab:scientific_linux:kernel-headers, p-cpe:/a:fermilab:scientific_linux:kernel-tools, p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel, p-cpe:/a:fermilab:scientific_linux:perf, p-cpe:/a:fermilab:scientific_linux:perf-debuginfo, p-cpe:/a:fermilab:scientific_linux:python-perf, p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/04/23

Vulnerability Publication Date: 2019/02/15

Reference Information

CVE: CVE-2019-6974, CVE-2019-7221