Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5663)

high Nessus Plugin ID 136022
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.4

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[5.4.17-2011.1.2.el7uek]
- ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036]

[5.4.17-2011.1.1.el7uek]
- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136750] {CVE-2020-11494}
- blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123573] {CVE-2019-19768}
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118688]
- perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips) [Orabug: 31104924]
- perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips) [Orabug: 31104924]
- kvm/svm: PKU not currently supported (John Allen) [Orabug: 31104924]
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky) [Orabug: 31104924]
- EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam) [Orabug: 31104924]
- x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam) [Orabug: 31104924]
- EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam) [Orabug: 31104924]
- x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Gather hardware information early (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam) [Orabug: 31104924]
- floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067510] {CVE-2020-9383}
- KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky) [Orabug: 31012269]
- KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky) [Orabug: 31012269]
- iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu) [Orabug: 31127400]

[5.4.17-2011.1.0.el7uek]
- vhost: Check docket sk_family instead of call getname (Eugenio P&eacute rez) [Orabug: 31085989] {CVE-2020-10942}
- selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire) [Orabug: 31078892]
- kernel: cpu.c: fix print typo about SMT status (Mihai Carabas) [Orabug: 31053334]
- nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31044292]
- NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31044292]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31032126]
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 31020408]
- net: Support GRO/GSO fraglist chaining. (Steffen Klassert) [Orabug: 30670829]
- net: Add fraglist GRO/GSO feature flags (Steffen Klassert) [Orabug: 30670829]
- udp: Support UDP fraglist GRO/GSO. (Steffen Klassert) [Orabug: 30670829]
- net: remove the check argument from __skb_gro_checksum_convert (Li RongQing) [Orabug: 30670829]
- Revert 'nvme_fc: add module to ops template to allow module references' (John Donnelly) [Orabug: 31119387]
- ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo) [Orabug: 31067112] {CVE-2020-8992}
- dsa: disable module unloading for ARM64 (Allen Pais) [Orabug: 30456791]
- bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann) [Orabug: 31127385] {CVE-2020-8835}
- bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn) [Orabug: 31127385] {CVE-2020-8835}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-April/009868.html

https://oss.oracle.com/pipermail/el-errata/2020-April/009869.html

Plugin Details

Severity: High

ID: 136022

File Name: oraclelinux_ELSA-2020-5663.nasl

Version: 1.2

Type: local

Agent: unix

Published: 4/28/2020

Updated: 4/30/2020

Dependencies: 122878, 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/28/2020

Vulnerability Publication Date: 12/12/2019

Reference Information

CVE: CVE-2019-19768, CVE-2020-10942, CVE-2020-11494, CVE-2020-8835, CVE-2020-8992, CVE-2020-9383