Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5676)

medium Nessus Plugin ID 136485
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1902.302.2.el7uek]
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] {CVE-2013-1798}
- KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527}
- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851] - net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130197] - net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130197] - rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200770] - include/linux/relay.h: fix percpu annotation in struct rchan (Luc Van Oostenryck) [Orabug: 31183399] {CVE-2019-19462}
- uek-rpm: fix dts rpmbuild when using cross-compiler (Tom Saeger) [Orabug: 30896439] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 30622561] {CVE-2019-19532}
- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 31191751] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143946] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8649}
- crypto: ecdh - fix big endian bug in ECC library (Ard Biesheuvel) [Orabug: 31203429] - KVM: x86: fix nested guest live migration with PML (Paolo Bonzini) [Orabug: 31202733] - KVM: x86: assign two bits to track SPTE kinds (Paolo Bonzini) [Orabug: 31202733] - x86/kvm/mmu: introduce guest_mmu (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: add kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: set get_pdptr hook in kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/nVMX: allow bare VMXON state migration (Vitaly Kuznetsov) [Orabug: 31202164] - sched/fair: Prevent a division by 0 in scale_rt_capacity() (John Sobecki) [Orabug: 31124463] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123575] {CVE-2019-19768}
- blktrace: fix unlocked access to init/start-stop/teardown (Jens Axboe) [Orabug: 31123575] {CVE-2019-19768}

[4.14.35-1902.302.1.el7uek]
- xfs: revert commit c6314bc8055a (Darrick J. Wong) [Orabug: 31180825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648}
- vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648}
- vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} {CVE-2020-8648}
- net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 31181100] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 31178433] - efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 30990726] - genhd: Fix use after free in __blkdev_get() (Jan Kara) [Orabug: 31161462] - blockdev: Fix livelocks on loop device (Jan Kara) [Orabug: 31161462] - net: validate untrusted gso packets without csum offload (Willem de Bruijn) [Orabug: 31161828] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136752] {CVE-2020-11494}
- crypto: user - fix leaking uninitialized memory to userspace (Eric Biggers) [Orabug: 31081816] {CVE-2018-19854}
- scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770911] {CVE-2019-19965}
- dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30755059] {CVE-2019-20096}
- ovl: relax WARN_ON() on rename to self (Amir Goldstein) [Orabug: 30451796] - bnx2x: Fix VF's VLAN reconfiguration in reload. (Manish Chopra) - bnx2x: Remove configured vlans as part of unload sequence. (Sudarsana Reddy Kalluru) - sch_dsmark: fix potential NULL deref in dsmark_init() (Eric Dumazet) [Orabug: 30453287]

[4.14.35-1902.302.0.el7uek]
- mips64:uek-rpm/ol7/config-mips: Enable IP_SET configs (Vijay Kumar) [Orabug: 31123145] - IB/ipoib: Avoid race from waking up the transmission queue (Praveen Kumar Kannoju) [Orabug: 31118993] - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118690] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104480] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816}
- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 31097950] - Add in-kernel X.509 certificate on mips64 (Eric Saint-Etienne) [Orabug: 31090468] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067513] {CVE-2020-9383}
- KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31004914] - rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 30827415] - rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 30827415]

[4.14.35-1902.301.2.el7uek]
- xfs: ratelimit inode flush on buffered write ENOSPC (Darrick J. Wong) [Orabug: 31056429]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-May/009907.html

Plugin Details

Severity: Medium

ID: 136485

File Name: oraclelinux_ELSA-2020-5676.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/12/2020

Updated: 5/14/2020

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2019-19527

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2020

Vulnerability Publication Date: 3/22/2013

Reference Information

CVE: CVE-2013-1798, CVE-2018-19854, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-19462, CVE-2019-19527, CVE-2019-19532, CVE-2019-19768, CVE-2019-19965, CVE-2019-20096, CVE-2020-11494, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2020-9383