Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4643) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

medium Nessus Plugin ID 125236
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1844.5.3.el7uek]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}
- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

[4.14.35-1844.5.2.el7uek]
- xen: Fix x86 sched_clock() interface for xen (Juergen Gross) [Orabug: 29464437]
- x86/xen/time: Output xen sched_clock time from 0 (Pavel Tatashin) [Orabug: 29464437]
- repairing kmodstd to support cross compilation (Mark Nicholson) [Orabug: 29682406]
- xfs: don't overflow xattr listent buffer (Darrick J. Wong) [Orabug: 29697225]

[4.14.35-1844.5.1.el7uek]
- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} file (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

[4.14.35-1844.5.0.el7uek]
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug: 29637519]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637519]
- bonding: ratelimit no-delay interface up messages (Shamir Rabinovitch) [Orabug: 29016284]
- xen/netfront: don't bug in case of too many frags (Juergen Gross) [Orabug: 29462653]
- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan) [Orabug: 29547792]
- xen/netfront: tolerate frags with no data (Juergen Gross) [Orabug: 29632146]
- net/mlx5: E-Switch, fix syndrome (0x678139) when turn on vepa (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: E-Switch, Fix access to invalid memory when toggling esw modes (Roi Dayan) [Orabug: 29455439]
- net/mlx5: Avoid panic when setting vport mac, getting vport config (Tonghao Zhang) [Orabug: 29455439]
- net/mlx5: Support ndo bridge_setlink and getlink (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: E-Switch, Add support for VEPA in legacy mode. (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: Split FDB fast path prio to multiple namespaces (Paul Blakey) [Orabug: 29455439]
- net/mlx5: E-Switch, Remove unused argument when creating legacy FDB (Eli Cohen) [Orabug: 29455439]
- net/mlx5: E-switch, Create a second level FDB flow table (Chris Mi) [Orabug: 29455439]
- net/mlx5: Add cap bits for flow table destination in FDB table (Chris Mi) [Orabug: 29455439]
- net/mlx5: E-Switch, Reorganize and rename fdb flow tables (Chris Mi) [Orabug: 29455439]
- net/mlx5: Add destination e-switch owner (Shahar Klein) [Orabug: 29455439]
- net/mlx5: Properly handle a vport destination when setting FTE (Shahar Klein) [Orabug: 29455439]
- net/mlx5: E-Switch, Reload IB interface when switching devlink modes (Mark Bloch) [Orabug: 29455439]
- net/mlx5: E-Switch, Optimize HW steering tables in switchdev mode (Mark Bloch) [Orabug: 29455439]
- net/mlx5: E-Switch, Increase number of FTEs in FDB in switchdev mode (Mark Bloch) [Orabug: 29455439]
- net/mlx5: Separate ingress/egress namespaces for each vport (Gal Pressman) [Orabug: 29455439]
- net/mlx5: Fix ingress/egress naming mistake (Gal Pressman) [Orabug: 29455439]
- net/mlx5: Initialize destination_flow struct to 0 (Rabie Loulou) [Orabug: 29455439]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29613788] {CVE-2018-19985} {CVE-2018-19985}
- mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (zhongjiang) [Orabug: 29613794] {CVE-2019-10124}
- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Mihai Carabas) [Orabug: 29642112]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-May/008741.html

Plugin Details

Severity: Medium

ID: 125236

File Name: oraclelinux_ELSA-2019-4643.nasl

Version: 1.5

Type: local

Agent: unix

Published: 5/17/2019

Updated: 1/15/2020

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2019-11091

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2019

Vulnerability Publication Date: 3/21/2019

Reference Information

CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-19985, CVE-2019-10124, CVE-2019-11091