Oracle Linux 9 : kernel (ELSA-2024-3306)

medium Nessus Plugin ID 197927

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3306 advisory.

[5.14.0-427.18.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.18.1_4]
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642}
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643}
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061]
- net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729]
- gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729]
- bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643]

[5.14.0-427.17.1_4]
- ceph: switch to use cap_delay_lock for the unlink delay list (Jay Shin) [RHEL-33003 RHEL-32997]
- ceph: remove useless session parameter for check_caps() (Xiubo Li) [RHEL-33003 RHEL-19813]
- ceph: flush the dirty caps immediatelly when quota is approaching (Xiubo Li) [RHEL-33003 RHEL-19813]
- vhost: Add smp_rmb() in vhost_enable_notify() (Gavin Shan) [RHEL-31839 RHEL-26104]
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) [RHEL-31839 RHEL-26104]
- iommu/vt-d: Support enforce_cache_coherency only for empty domains (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Add MTL to quirk list to skip TE disabling (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Make context clearing consistent with context mapping (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Disable PCI ATS in legacy passthrough mode (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- PCI/MSI: Prevent MSI hardware interrupt number truncation (Myron Stowe) [RHEL-33656 RHEL-21453]

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-3306.html

Plugin Details

Severity: Medium

ID: 197927

File Name: oraclelinux_ELSA-2024-3306.nasl

Version: 1.1

Type: local

Agent: unix

Published: 5/25/2024

Updated: 5/25/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:N/A:C

CVSS Score Source: CVE-2024-26673

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:rtla, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:rv, p-cpe:/a:oracle:linux:kernel-debug-devel, cpe:/a:oracle:linux:9::appstream, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-debug-uki-virt, p-cpe:/a:oracle:linux:kernel-debug-modules-core, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-debug-devel-matched, p-cpe:/a:oracle:linux:kernel-abi-stablelists, cpe:/a:oracle:linux:9::codeready_builder, p-cpe:/a:oracle:linux:kernel-devel-matched, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-modules-core, p-cpe:/a:oracle:linux:kernel-uki-virt, p-cpe:/a:oracle:linux:libperf, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, cpe:/o:oracle:linux:9:4:baseos_patch, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, cpe:/o:oracle:linux:9::baseos_latest, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 5/23/2024

Vulnerability Publication Date: 3/21/2024

Reference Information

CVE: CVE-2024-26642, CVE-2024-26643, CVE-2024-26673, CVE-2024-26804