Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5642)

Medium Nessus Plugin ID 135381

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.1.12-124.38.1.el7uek]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31031928]
- KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31078882]
- vhost: Check socket sk_family instead of call getname (Eugenio Pérez) [Orabug: 31085993] {CVE-2020-10942}
- Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098797]

[4.1.12-124.37.3.el7uek]
- kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31047871]
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055327] {CVE-2019-18806}
- swiotlb: clean up reporting (Kees Cook) [Orabug: 31085017] {CVE-2018-5953}
- KVM: x86: Expose more Intel AVX512 feature to guest (Luwei Kang) [Orabug: 31085086]
- x86/cpufeature: Enable new AVX-512 features (Fenghua Yu) [Orabug: 31085086]

[4.1.12-124.37.2.el7uek]
- xenbus: req->err should be updated before req->state (Dongli Zhang) [Orabug: 30705030]
- xenbus: req->body should be updated before req->state (Dongli Zhang) [Orabug: 30705030]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-April/009775.html

https://oss.oracle.com/pipermail/el-errata/2020-April/009776.html

Plugin Details

Severity: Medium

ID: 135381

File Name: oraclelinux_ELSA-2020-5642.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2020/04/10

Updated: 2020/04/30

Dependencies: 122878, 12634

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2020-10942

CVSS v2.0

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/04/09

Vulnerability Publication Date: 2018/08/07

Reference Information

CVE: CVE-2018-5953, CVE-2019-18806, CVE-2020-10942