Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5569)

Critical Nessus Plugin ID 134645

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1902.11.3.el7uek]
- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 31013775]

[4.14.35-1902.11.2.el7uek]
- ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot system (Hans Westgaard Ry) [Orabug: 30967501] - Revert 'printk: Default console logging level should be set to 4' (Cesar Roque) [Orabug: 30833249] - cgroup: psi: fix memory leak when freeing a cgroup work function (Tom Hromatka) [Orabug: 30903264]

[4.14.35-1902.11.1.el7uek]
- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30657780] - xfs: increase the default parallelism levels of pwork clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug: 30657780] - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858] {CVE-2019-14895}
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895}
- ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix use-after-free when destroying GEM context (Tyler Hicks) [Orabug: 30860457] {CVE-2020-7053}
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30681066]

[4.14.35-1902.11.0.el7uek]
- rds: Avoid qp overflow when posting invalidate/register mr with frwr (Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate dropped connections (H&aring kon Bugge) [Orabug: 30852643] - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291}
- KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky) [Orabug: 30837856] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438] {CVE-2019-14901}
- drm/i915/gen9: Clear residual context state on context switch (Akeem G Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615}
- rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru kolappan) [Orabug: 30734590]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-March/009698.html

Plugin Details

Severity: Critical

ID: 134645

File Name: oraclelinux_ELSA-2020-5569.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/03/18

Updated: 2020/03/20

Dependencies: 12634, 122878

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/03/16

Vulnerability Publication Date: 2019/08/20

Reference Information

CVE: CVE-2019-14615, CVE-2019-14895, CVE-2019-14901, CVE-2019-15291, CVE-2020-7053