Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4878)

low Nessus Plugin ID 132067

VPR Score: 3.6

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1902.8.4.el7uek]
- Revert 'oled: give panic handler chance to run before kexec' (John Donnelly) [Orabug: 30594702]
- Revert 'oled: export symbols' (John Donnelly) [Orabug: 30594702]
- net/rds: Recycle RDS headers to speed up connection fail over (Ka-Cheong Poon) [Orabug: 30628735]
- net/rds: Reduce RDS headers de-allocation time (Ka-Cheong Poon) [Orabug: 30628735]
- net/rds: Should use rds_rtd_ptr() to trace pointer value (Ka-Cheong Poon) [Orabug: 30628735]

[4.14.35-1902.8.3.el7uek]
- rds: Disable heartbeat by default (Håkon Bugge) [Orabug: 30580080]

[4.14.35-1902.8.2.el7uek]
- rds:ib: Set RoCE ACK timeout before resolving route (Dag Moxnes) [Orabug: 30581176]
- RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 30581176]
- x86/hyperv: Make vapic support x2apic mode (Roman Kagan) [Orabug: 30571044]
- PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset() (Maya Nakamura) [Orabug: 30571044]
- PCI: hv: Replace hv_vp_set with hv_vpset (Maya Nakamura) [Orabug: 30571044]
- PCI: hv: Add __aligned(8) to struct retarget_msi_interrupt (Maya Nakamura) [Orabug: 30571044]
- MAINTAINERS: Add Hyper-V IOMMU driver into Hyper-V CORE AND DRIVERS scope (Lan Tianyu) [Orabug: 30571044]
- iommu/hyper-v: Add Hyper-V stub IOMMU driver (Lan Tianyu) [Orabug: 30571044]
- x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (Lan Tianyu) [Orabug: 30571044]
- x86/apic: Provide apic_ack_irq() (Thomas Gleixner) [Orabug: 30571044]
- rds: ib: update WR sizes when bringing up connection (Dag Moxnes) [Orabug: 30572790]
- USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548564] {CVE-2019-15219}
- block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30544816]
- oled: export symbols (Wengang Wang) [Orabug: 30550387]
- oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30550387]

[4.14.35-1902.8.1.el7uek]
- ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30545335]
- kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539764]
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Josh Poimboeuf) [Orabug: 30539764]
- cpu/speculation: Uninline and export CPU mitigations helpers (Tyler Hicks) [Orabug: 30539764]
- x86/speculation/taa: Fix for mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30533711]
- media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532773] {CVE-2019-15217}
- x86: cpu: bugs.c: Fix compile error when CONFIG_XEN=n (Aaron Young) [Orabug: 30516915]
- SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30513391]
- SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30513391]
- x86/platform/uv: Account for UV Hubless in is_uvX_hub Ops (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Check EFI Boot to set reboot type (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Decode UVsystab Info (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Add UV Hubbed/Hubless Proc FS Files (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Setup UV functions for Hubless UV Systems (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Add return code to UV BIOS Init function (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Return UV Hubless System Type (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Save OEM_ID from ACPI MADT probe (Mike Travis) [Orabug: 30518602]

[4.14.35-1902.8.0.1.sn.el7uek]
- rds: ib: Improve neighbor cache flush throttling (Dag Moxnes) [Orabug: 30472626]
- KVM: VMX: Do not change PID.NDST when loading a blocked vCPU (Joao Martins) [Orabug: 30512558]
- KVM: x86: Recompute PID.ON when clearing PID.SN (Joao Martins) [Orabug: 30512558]
- Revert 'KVM: VMX: sync pending posted interrupts based on PIR' (Joao Martins) [Orabug: 30512558]
- cpuidle: haltpoll: Take 'idle=' override into account (Zhenzhong Duan) [Orabug: 30519673]
- media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511740] {CVE-2019-15215}
- rds: ib: __flush_neigh_conn error messages in syslog during failover/failback (Dag Moxnes) [Orabug: 30499609]
- kdump: decouple trace_extern_vmcoreinfo_setup from CONFIG_TRACING (Dave Kleikamp) [Orabug: 30493478]
- media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490490] {CVE-2019-15213}
- net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445304] {CVE-2019-16994}
- mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445156] {CVE-2019-17055}
- ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444945] {CVE-2019-17053}
- net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444852] {CVE-2019-16995}
- vhost/vsock: fix uninitialized vhost_vsock->guest_cid (Stefan Hajnoczi) [Orabug: 30339795]
- fm10k: Fix a potential NULL pointer dereference (Yue Haibing) [Orabug: 30322694] {CVE-2019-15924}
- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 29645216]
- rds: ib: need to flush neighbor cache for local peer connections on failover (Dag Moxnes) [Orabug: 30472629]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-December/009450.html

Plugin Details

Severity: Low

ID: 132067

File Name: oraclelinux_ELSA-2019-4878.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/16/2019

Updated: 12/18/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

Risk Factor: Low

VPR Score: 3.6

CVSS Score Source: CVE-2019-17055

CVSS v2.0

Base Score: 2.1

Temporal Score: 1.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 3.3

Temporal Score: 2.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/13/2019

Vulnerability Publication Date: 8/19/2019

Reference Information

CVE: CVE-2019-15213, CVE-2019-15215, CVE-2019-15217, CVE-2019-15219, CVE-2019-15924, CVE-2019-16994, CVE-2019-16995, CVE-2019-17053, CVE-2019-17055