Detections
Analytics
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9052)
high Nessus Plugin ID 147804
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9052 advisory.- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}
- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}
- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}
- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}
- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}
- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}
- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug:
32253411] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug:
32349205] {CVE-2020-36158}
- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}
- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}
- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}
- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}
- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}
- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}
- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}
- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug:
31864725] {CVE-2019-19816}
- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 147804
File Name: oraclelinux_ELSA-2021-9052.nasl
Version: 1.6
Type: local
Agent: unix
Published: 3/15/2021
Updated: 11/1/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-26930
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-uek-devel, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek-tools-libs, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Ease: No known exploits are available
Patch Publication Date: 2/16/2021
Vulnerability Publication Date: 2/16/2021