Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4669)

medium Nessus Plugin ID 125665

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4669 advisory.

[4.1.12-124.27.2]
- x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug: 29797118]
- vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug: 29710939]
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (Eric Dumazet) [Orabug: 29710939]
- nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607]
- rds: Introduce a pool of worker threads for connection management (Hakon Bugge) [Orabug: 29391909]
- rds: Use rds_conn_path cp_wq when applicable (Hakon Bugge) [Orabug: 29391909]
- rds: ib: Implement proper cm_id compare (Hakon Bugge) [Orabug: 29391909]
- Revert 'net/rds: prevent RDS connections using stale ARP entries' (Hakon Bugge) [Orabug: 29391909]
- rds: ib: Flush ARP cache when needed (Hakon Bugge) [Orabug: 29391909]
- rds: Add simple heuristics to determine connect delay (Hakon Bugge) [Orabug: 29391909]
- rds: Fix one-sided connect (Hakon Bugge) [Orabug: 29391909]
- rds: Consolidate and align ftrace related to connection management (Hakon Bugge) [Orabug: 29391909]
- rds: ib: Fix gratuitous ARP storm (Hakon Bugge) [Orabug: 29391909]
- IB/mlx4: Increase the timeout for CM cache (Hakon Bugge) [Orabug: 29391909]
- kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804]
- x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804]
- x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804]
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356]
- bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238]
- x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291]
- x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] {CVE-2018-12127} {CVE-2018-12130}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2019-4669.html

Plugin Details

Severity: Medium

ID: 125665

File Name: oraclelinux_ELSA-2019-4669.nasl

Version: 1.9

Type: local

Agent: unix

Published: 6/3/2019

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2018-12130

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/31/2019

Vulnerability Publication Date: 5/7/2019

Reference Information

CVE: CVE-2018-12127, CVE-2018-12130

IAVA: 2019-A-0166