Oracle Linux 6 : kernel (ELSA-2018-2164)

high Nessus Plugin ID 110996

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-2164 advisory.

- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872}
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675}
- [x86] virt_spec_ctrl: Set correct host SSBD value for AMD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Move speculation mitigation control to arch code (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356] {CVE-2018-3639}
- [uapi] prctl: Add force disable speculation (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown vulnerability (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] always enable eager FPU by default (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Merge simd_math_error() into math_error() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: use non-lazy fpu restore for processors supporting xsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signals: ia32_signal.c: add __user casts to fix sparse warnings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Consolidate inline asm routines for saving/restoring fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] extable: Remove open-coded exception table entries in arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665} into exported and internal interfaces (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: Uninline the generic FP helpers that we expose to kernel modules (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: use 'restore_fpu_checking()' directly in task switching code (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: re-introduce FPU state preloading at context switch time (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU flag from thread_info to task_struct (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: do not preload FPU state at task switch time (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix x86-64 preemption-unsafe user stack save/restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fix potentially dangerous trailing ';' in #defined values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Simplify constraints for fxsave/fxrstor (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0 (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Introduce xstate enable functions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Avoid unnecessary __clear_user() and xrstor in signal handling (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert '[x86] fpu: change save_i387_xstate() to rely on unlazy_fpu()' (Paolo Bonzini) [1589047] {CVE-2018-3665}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2018-2164.html

Plugin Details

Severity: High

ID: 110996

File Name: oraclelinux_ELSA-2018-2164.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/11/2018

Updated: 10/23/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-10675

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-firmware, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/10/2018

Vulnerability Publication Date: 4/19/2018

Reference Information

CVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665

RHSA: 2018:2164