Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5756)

medium Nessus Plugin ID 138488
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.1

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[5.4.17-2011.4.4.el8uek]
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (Sean Christopherson) [Orabug: 31536904]

[5.4.17-2011.4.3.el8uek]
- NFS: replace cross device check in copy_file_range (Olga Kornievskaia) [Orabug: 31507615] - rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052] - perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Jean-Philippe Brucker) [Orabug: 31422283] - perf/smmuv3: use devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 31422283] - ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan Phan) [Orabug: 31422283] - uek-rpm: Increase CONFIG_NODES_SHIFT from 2 to 3 (Dave Kleikamp) [Orabug: 31422283] - perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 31422283] - uek-rpm: update aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283] - perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 31422283] - perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) [Orabug: 31422283] - Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) [Orabug: 31422283] - BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 31422283] - BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 31422283] - BACKPORT: mm/memory-failure: Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283] - perf: Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283] - BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283] - BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 31422283] - BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 31422283] - net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983] - mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] {CVE-2020-10757} {CVE-2020-10757}

[5.4.17-2011.4.2.el8uek]
- UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 31489529] - UEK6 compiler warning for /net/rds/send.c (Sharath Srinivasan) [Orabug: 31489529] - Fix up two build warnings in the UEK6 GA tree (Jack Vogel) [Orabug: 31489333] - drivers/scsi/scsi_scan.c Fix the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322] - x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Change {JMP,CALL}_NOSPEC argument (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Simplify retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change STUFF_RSB to work with objtool (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/unwind: Introduce UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Add support for intra-function calls (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Rework allocating stack_ops on decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: is_fentry_call() crashes if call has no destination (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Uniquely identify alternative instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove check preventing branches within alternative (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] - objtool: Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Support multiple stack_op per instruction (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320]

[5.4.17-2011.4.1.el8uek]
- uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454844] - netfilter: ipset: Fix forceadd evaluation path (Jozsef Kadlecsik) [Orabug: 31104176] - scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481642] - scsi: megaraid_sas: TM command refire leads to controller firmware crash (Sumit Saxena) [Orabug: 31481642] - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Shivasharan S) [Orabug: 31481642] - scsi: megaraid_sas: Remove IO buffer hole detection logic (Sumit Saxena) [Orabug: 31481642] - scsi: megaraid_sas: Limit device queue depth to controller queue depth (Kashyap Desai) [Orabug: 31481642] - scsi: megaraid: make two symbols static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481642] - scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) [Orabug: 31481642] - scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31481642] - scsi: megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481642]
- scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes Reinecke) [Orabug: 31481642] - scsi: megaraid_sas: Update driver version to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 31481642] - scsi: megaraid_sas: remove unused variables 'debugBlk','fusion' (zhengbin) [Orabug: 31481642] - scsi: megaraid_sas: Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481642] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352779] {CVE-2020-0543}
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2 (Tony W Wang-oc) [Orabug: 31352779] {CVE-2020-0543}
- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350489] {CVE-2020-10711}
- xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430850]

[5.4.17-2011.4.0.el8uek]
- bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) [Orabug: 31390687] - xfs: add agf freeblocks verify in xfs_agf_verify (Zheng Bin) [Orabug: 31350920] {CVE-2020-12655}
- scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350695] {CVE-2020-12770}
- PCI/AER: Enable reporting for ports enumerated after AER driver registration (Thomas Tai) [Orabug: 31401801] - A/A Bonding: No need to call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 31378706] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31398437] - locks: reinstate locks_delete_block optimization (Linus Torvalds) [Orabug: 31356246] {CVE-2019-19769}
- locks: fix a potential use-after-free problem when wakeup a waiter (yangerkun) [Orabug: 31356246] {CVE-2019-19769} {CVE-2019-19769}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2020-July/010114.html

https://oss.oracle.com/pipermail/el-errata/2020-July/010115.html

Plugin Details

Severity: Medium

ID: 138488

File Name: oraclelinux_ELSA-2020-5756.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/15/2020

Updated: 7/17/2020

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

Risk Factor: Medium

VPR Score: 6.1

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 12/12/2019

Reference Information

CVE: CVE-2019-19769, CVE-2020-0543, CVE-2020-10711, CVE-2020-10757, CVE-2020-12655, CVE-2020-12770