Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5535)

High Nessus Plugin ID 133711


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- iscsi-target: graceful disconnect on invalid mapping to iovec (Imran Haider) [Orabug: 30459537] - x86/microcode: Issue update message only once (Borislav Petkov) [Orabug: 30528904] - x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30528904] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658695] {CVE-2019-19332}
- rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807748] {CVE-2019-17666}

- x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557086] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557086] - mlx5: lock mlx5_core to prevent module unload (Brian Maly) [Orabug: 30566775] - rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30576433] - x86: bugs: replace static_ with boot_ for CPU bugs mitigations (Mihai Carabas) [Orabug: 30649400]


Update the affected unbreakable enterprise kernel packages.

See Also

Plugin Details

Severity: High

ID: 133711

File Name: oraclelinux_ELSA-2020-5535.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/02/14

Updated: 2020/02/18

Dependencies: 122878, 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/02/13

Vulnerability Publication Date: 2019/10/17

Reference Information

CVE: CVE-2019-17666, CVE-2019-19332