Oracle Linux 7 : kernel (ELSA-2021-0856)

Severity: High | Nessus Plugin ID: 147861

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0856 advisory.

- [pinctrl] devicetree: Avoid taking direct reference to device name string (Aristeu Rozanski) [1922902] {CVE-2020-0427}
- [pinctrl] Delete an error message (Aristeu Rozanski) [1922902] {CVE-2020-0427}
- [tty] vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, extend func_buf_lock to readers (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, simplify vt_kdgkbsent (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] keyboard, do not speculate on func_table index (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: fix write/write race in ioctl(KDSKBSENT) handler (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [gpu] drm/i915: Fix use-after-free when destroying GEM context (Dave Airlie) [1814731] {CVE-2020-7053}
- [net] netfilter: ctnetlink: add a range check for l3/l4 protonum (Florian Westphal) [1888296] {CVE-2020-25211}
- [net] icmp: randomize the global rate limiter (Antoine Tenart) [1896515] {CVE-2020-25705}
- [target] scsi: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900469] {CVE-2020-28374}
- [netdrv] geneve: add transport ports in route lookup for geneve (Sabrina Dubroca) [1885144] {CVE-2020-25645}
- [kernel] perf/core: Fix race in the perf_mmap_close() function (Michael Petlan) [1869936] {CVE-2020-14351}
- [tty] Fix ->pgrp locking in tiocspgrp() (Chris von Recklinghausen) [1908193] {CVE-2020-29661}
- [hid] Fix assumption that devices have inputs (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: the driver now neeed MEMLESS_FF infrastructure (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: Add rumble support for Xbox One S controller (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: Convert private data to be a proper struct (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] revert 'hid: microsoft: fix invalid rdesc for 3k kbd' (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] input: ignore System Control application usages if not System Controls (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] hid-microsoft: Do the check for the ms usage page per device (Chris von Recklinghausen) [1821870] {CVE-2019-19532}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-0856.html

Plugin Details

Severity: High

ID: 147861

File Name: oraclelinux_ELSA-2021-0856.nasl

Version: 1.7

Type: local

Agent: unix

Published: 3/17/2021

Updated: 10/22/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-29661

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-28374

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:perf, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/17/2021

Vulnerability Publication Date: 12/3/2019

Reference Information

CVE: CVE-2019-19532, CVE-2020-0427, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2020-7053, CVE-2021-20265