Oracle Linux 6 : kernel (ELSA-2018-1651)

medium Nessus Plugin ID 109984

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-1651 advisory.

- [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/bugs: Rename _RDS to _SSBD (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/kvm: Expose the RDS bit to the guest (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] x86/cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566893 1566899] {CVE-2018-3639}
- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566893 1566899] {CVE-2018-3639}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-1651.html

Plugin Details

Severity: Medium

ID: 109984

File Name: oraclelinux_ELSA-2018-1651.nasl

Version: 1.15

Type: local

Agent: unix

Published: 5/23/2018

Updated: 10/23/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-3639

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-firmware, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/22/2018

Vulnerability Publication Date: 5/21/2018

Reference Information

CVE: CVE-2018-3639

RHSA: 2018:1651