Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2022)

medium Nessus Plugin ID 68677

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

* Avoid bug caused by corrupted Ext4 filesystem.

When mounting an ext4 filesystem, the kernel was not checking for zero length extents. This would cause a BUG_ON assertion failure in the log.


* NULL pointer dereference in the SCSI subsystem.

A NULL dereference may occur if a SCSI device is physically removed without being logically removed from the system.

This would lead to a NULL dereference since the revalidation routine assumed the device is always present while it runs.


* Resource leak in USB networking driver.

The usbnet core incorrectly cleared a pointer to the underlying device, resulting in a resource leak when unlinking requests.


* Inode corruption in XFS inode lookup.

The XFS inode cache did not correctly initialize the inode before inserting it into the cache, which could result in corruption when racing with an inode lookup.


* Kernel crash in SUNRPC cache management.

Many SUNRPC cache implementations would not handle a zero-length string, resulting in a kernel panic.


* Unbalanced locking in VFS non-local alias search.

A code path responsible for finding aliases on a non-local filesystem did not correctly release a lock, resulting in a system hang.


* Memory corruption on nfsd shutdown.

A race condition between closing down a SUNRPC transport and enqueueing data could result in a use-after-free condition, leading to a denial of service or privilege escalation.


* NULL pointer dereference with misconfigured USB FTDI devices.

A USB FTDI device without a manufacturer string would result in a NULL pointer dereference and kernel crash when the device was plugged in.


* Kernel information leak in X86 ptrace TLS regset.

The TLS lookup could run off the end of the descriptor list, reading from kernel memory.


* Divide-by-zero in NTP.

An integer overflow in NTP when setting the time could result in a divide-by-zero and kernel panic.


* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device.


* CVE-2012-2384: Integer overflow in Intel i915 command processing.

An integer overflow in the Intel i915 family display driver could cause memory corruption on 32-bit systems.


* Correctly merge virtual memory areas when binding.

When mbind() is called for adjacent areas, they are expected to be merged into a single virtual memory area.


* Small UDP packets dropped on transmission consistently in vmxnet3.

Small (<54 byte) packets are consistently dropped on transmission due to an error in the optimization of the code.


* CVE-2011-4131: Kernel crash in NFSv4.

nfs4_getfacl decoding causes a kernel crash when a server returns more than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute request.

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2012-July/002896.html

https://oss.oracle.com/pipermail/el-errata/2012-July/002897.html

Plugin Details

Severity: Medium

ID: 68677

File Name: oraclelinux_ELSA-2012-2022.nasl

Version: 1.16

Type: local

Agent: unix

Published: 7/12/2013

Updated: 8/24/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2012

Vulnerability Publication Date: 5/17/2012

Reference Information

CVE: CVE-2011-4127, CVE-2011-4131, CVE-2012-2384

BID: 51176, 53971