Oracle Linux 7 : kernel (ELSA-2017-0933-1)

high Nessus Plugin ID 99386
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- [3.10.0-514.]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(<A HREF=''>alexey.petrenko at</A>)
- Update x509.genkey [bug 24817676]

- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636}
- [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854]
- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532]
- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532]
- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263]
- [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333]
- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670]
- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532]
- [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480]
- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480]
- [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618}
- [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615]
- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299]
- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593]
- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593]
- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593]
- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593]
- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692]
- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692]
- [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153]
- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793}
- [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304]
- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650}
- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564]
- [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567]
- [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567]
- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]
- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]
- Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]
- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]
- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]


Update the affected kernel packages. Note that the updated packages may not be immediately available from the package repository and its mirrors.

See Also

Plugin Details

Severity: High

ID: 99386

File Name: oraclelinux_ELSA-2017-0933-1.nasl

Version: 3.5

Type: local

Agent: unix

Published: 4/14/2017

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Critical

Score: 9


Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C


Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel, p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-doc, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:python-perf, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/13/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636