Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5691)

Medium Nessus Plugin ID 136727

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[5.4.17-2011.2.2.el8uek]
- scsi: qla2xxx: Move free of fcport out of interrupt context (Joe Carnuccio) [Orabug: 31225231]
- xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31132665]
- arm64: Kconfig: Enable NODES_SPAN_OTHER_NODES config for NUMA (Hoan Tran) [Orabug: 31049202]
- scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Laurence Oberman) [Orabug: 31207643]
- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264694]

[5.4.17-2011.2.1.el8uek]
- x86/mce: Restart the system when LMCE UE error occurs (Thomas Tai) [Orabug: 31218859]
- media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213764] {CVE-2020-11668}
- media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213755] {CVE-2020-11608}
- x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213533]
- media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200576] {CVE-2020-11609}
- rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200768]
- net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130194]
- net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130194]
- ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036]

[5.4.17-2011.2.0.el8uek]
- RDMA/rxe: Enhance Soft Roce to support Oracle proprietary shared PD extension (Rao Shoaib) [Orabug: 31094525]
- mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() (Catalin Marinas) [Orabug: 31053313] {CVE-2020-9391}
- rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 31137997]
- net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 30871138]
- vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143943] {CVE-2020-8649} {CVE-2020-8647}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-May/009964.html

https://oss.oracle.com/pipermail/el-errata/2020-May/009965.html

Plugin Details

Severity: Medium

ID: 136727

File Name: oraclelinux_ELSA-2020-5691.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/05/20

Updated: 2020/05/26

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.6

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/05/19

Vulnerability Publication Date: 2020/02/06

Reference Information

CVE: CVE-2020-11608, CVE-2020-11609, CVE-2020-11668, CVE-2020-8647, CVE-2020-8649, CVE-2020-9391