Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5533)

High Nessus Plugin ID 133632

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:
[4.14.35-1902.10.7]
- rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807747] {CVE-2019-17666}
- rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770961] {CVE-2016-5244}
- KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658694] {CVE-2019-19332}

[4.14.35-1902.10.6]
- IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil)
- RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30809126]
- IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30805810]
- net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c (Peter Oskolkov) [Orabug: 30787503]
- net: IP6 defrag: use rbtrees for IPv6 defrag (Peter Oskolkov) [Orabug: 30787503]
- ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module (Florian Westphal) [Orabug: 30787503]
- net: IP defrag: encapsulate rbtree defrag code into callable functions (Peter Oskolkov) [Orabug: 30787503]
- ipv6: frags: fix a lockdep false positive (Eric Dumazet) [Orabug: 30787503]

[4.14.35-1902.10.5]
- drm/i915/cmdparser: Fix jump whitelist clearing (Ben Hutchings) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gen8+: Add RC6 CTX corruption WA (Imre Deak) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Lower RM timeout to avoid DSI hard hangs (Uma Shankar) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Ignore Length operands during command matching (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Add support for backward jumps (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Use explicit goto for error paths (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Add gen9 BCS cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Allow parsing of unsized batches (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Add support for mandatory cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Remove Master tables from cmdparser (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Disable Secure Batches for gen6+ (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Rename gen7 cmdparser tables (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Move engine->needs_cmd_parser to engine->flags (Tvrtko Ursulin) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Dont use GPU relocations prior to cmdparser stalls (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Silence smatch for cmdparser (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Do not check past the cmd length. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Check reg_table_count before derefencing. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Prevent writing into a read-only object via a GGTT mmap (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Disable read-only support under GVT (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Read-only pages for insert_entries on bdw+ (Vivi, Rodrigo) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Add read only pages to gen8_pte_encode (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (Anchal Agarwal) [Orabug: 30681025]
- x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557081]
- x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557081]
- x86/bugs: missed initconst cpu_vuln_whitelist used at late loading (Mihai Carabas) [Orabug: 30659681]
- mwifiex: Fix mem leak in mwifiex_tm_cmd (YueHaibing) [Orabug: 30732918] {CVE-2019-20095}
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732937] {CVE-2019-20054}
- fjes: Handle workqueue allocation failure (Will Deacon) [Orabug: 30771875] {CVE-2019-16231}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-February/009627.html

Plugin Details

Severity: High

ID: 133632

File Name: oraclelinux_ELSA-2020-5533.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/02/12

Updated: 2020/02/14

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/02/10

Vulnerability Publication Date: 2016/06/27

Reference Information

CVE: CVE-2016-5244, CVE-2019-0154, CVE-2019-16231, CVE-2019-17666, CVE-2019-19332, CVE-2019-20054, CVE-2019-20095