Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022)

Nessus Plugin ID 68677 (Severity: Medium)

VPR Score: 5.8

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

* Avoid bug caused by corrupted Ext4 filesystem.

When mounting an ext4 filesystem, the kernel was not checking for zero-length extents. This would cause a BUG_ON assertion failure in the log.


* NULL pointer dereference in the SCSI subsystem.

A NULL dereference may occur if a SCSI device is physically removed without being logically removed from the system.

This would lead to a NULL dereference since the revalidation routine assumed the device is always present while it runs.


* Resource leak in USB networking driver.

The usbnet core incorrectly cleared a pointer to the underlying device, resulting in a resource leak when unlinking requests.


* Inode corruption in XFS inode lookup.

The XFS inode cache did not correctly initialize the inode before insertion into the cache, which could result in corruption when racing with an inode lookup.


* Kernel crash in SUNRPC cache management.

Many SUNRPC cache implementations would not handle a zero-length string, resulting in a kernel panic.


* Unbalanced locking in VFS non-local alias search.

A code path responsible for finding aliases on a non-local filesystem did not correctly release a lock, resulting in a system hang.


* Memory corruption on nfsd shutdown.

A race condition between closing down a SUNRPC transport and enqueueing data could result in a use-after-free condition, leading to a denial of service or privilege escalation.


* NULL pointer dereference with misconfigured USB FTDI devices.

A USB FTDI device without a manufacturer string would result in a NULL pointer dereference and kernel crash when the device was plugged in.


* Kernel information leak in X86 ptrace TLS regset.

The TLS lookup could run off the end of the descriptor list and read from kernel memory.


* Divide-by-zero in NTP.

An integer overflow in NTP when setting the time could result in a divide-by-zero and kernel panic.


* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device.


* CVE-2012-2384: Integer overflow in Intel i915 command processing.

An integer overflow in the Intel i915 family display driver could cause memory corruption on 32-bit systems.


* Correctly merge virtual memory areas when binding.

When mbind() is called for adjacent areas, they are expected to be merged into a single virtual memory area.


* Small UDP packets dropped on transmission consistently in vmxnet3.

Small (<54 byte) packets are dropped consistently on transmission due to an error in the optimization of the code.


* CVE-2011-4131: Kernel crash in NFSv4.

nfs4_getfacl decoding causes a kernel crash when a server returns more than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute request.
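Added example, not the kernel's code or Oracle's patch: a bounds-checked decoder for the variable-length XDR bitmap4 that precedes NFSv4 attribute data, showing how a reply with more than 2 bitmap words can be consumed without indexing past a 2-word array. KEEP_WORDS, MAX_WIRE_WORDS, decode_bitmap4 and the sample bytes are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEEP_WORDS 2      /* words the caller has room for (assumed) */
#define MAX_WIRE_WORDS 8  /* cap on the peer-supplied count (assumed) */

/* Constructed sample: count=3, word 0 has bit 12 (FATTR4_ACL) set, then one
 * trailing word standing in for the attribute data that follows the bitmap. */
static const uint8_t sample_reply[] = {
    0, 0, 0, 3,  0, 0, 0x10, 0,  0, 0, 0, 0,  0, 0, 0, 1,  0, 0, 0, 0x2a };

/* Read one big-endian XDR word; 0 on success, -1 if the buffer is too short. */
static int xdr_get_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    const uint8_t *p = buf + *off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    *off += 4;
    return 0;
}

/* Decode a bitmap4: a count word followed by that many 32-bit words. Extra
 * words beyond KEEP_WORDS are consumed but discarded. Returns the offset of
 * the data after the bitmap, or -1 if the bitmap is truncated or oversized. */
long decode_bitmap4(const uint8_t *buf, size_t len, uint32_t keep[KEEP_WORDS])
{
    size_t off = 0;
    uint32_t count, word;

    memset(keep, 0, KEEP_WORDS * sizeof(keep[0]));
    if (xdr_get_u32(buf, len, &off, &count) != 0 || count > MAX_WIRE_WORDS)
        return -1;                       /* truncated, or absurd peer count */
    for (uint32_t i = 0; i < count; i++) {
        if (xdr_get_u32(buf, len, &off, &word) != 0)
            return -1;                   /* count claims more than was sent */
        if (i < KEEP_WORDS)
            keep[i] = word;              /* never index past the array */
    }
    return (long)off;
}

int main(void)
{
    uint32_t keep[KEEP_WORDS];
    return decode_bitmap4(sample_reply, sizeof sample_reply, keep) == 16 ? 0 : 1;
}
```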

Solution

Update the affected Unbreakable Enterprise Kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2012-July/002896.html

https://oss.oracle.com/pipermail/el-errata/2012-July/002897.html

Plugin Details

Severity: Medium

ID: 68677

File Name: oraclelinux_ELSA-2012-2022.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2020/09/24

Dependencies: 12634, 122878

Risk Information

Risk Factor: Medium

VPR Score: 5.8

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/07/02

Vulnerability Publication Date: 2012/05/17

Reference Information

CVE: CVE-2011-4127, CVE-2011-4131, CVE-2012-2384

BID: 51176, 53971