Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5569)

critical Nessus Plugin ID 134645
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1902.11.3.el7uek]
- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 31013775]

[4.14.35-1902.11.2.el7uek]
- ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot system (Hans Westgaard Ry) [Orabug: 30967501] - Revert 'printk: Default console logging level should be set to 4' (Cesar Roque) [Orabug: 30833249] - cgroup: psi: fix memory leak when freeing a cgroup work function (Tom Hromatka) [Orabug: 30903264]

[4.14.35-1902.11.1.el7uek]
- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30657780] - xfs: increase the default parallelism levels of pwork clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug: 30657780] - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858] {CVE-2019-14895}
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895}
- ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix use-after-free when destroying GEM context (Tyler Hicks) [Orabug: 30860457] {CVE-2020-7053}
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30681066]

[4.14.35-1902.11.0.el7uek]
- rds: Avoid qp overflow when posting invalidate/register mr with frwr (Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate dropped connections (H&aring kon Bugge) [Orabug: 30852643] - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291}
- KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky) [Orabug: 30837856] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438] {CVE-2019-14901}
- drm/i915/gen9: Clear residual context state on context switch (Akeem G Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615}
- rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru kolappan) [Orabug: 30734590]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-March/009698.html

Plugin Details

Severity: Critical

ID: 134645

File Name: oraclelinux_ELSA-2020-5569.nasl

Version: 1.2

Type: local

Agent: unix

Published: 3/18/2020

Updated: 3/20/2020

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-debug:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-debug-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-doc:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:kernel-uek-tools:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 3/16/2020

Vulnerability Publication Date: 8/20/2019

Reference Information

CVE: CVE-2019-15291, CVE-2019-14895, CVE-2019-14901, CVE-2020-7053, CVE-2019-14615