Oracle Linux 8 : kernel (ELSA-2021-5227)

Nessus Plugin ID 156243 (Medium)

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-5227 advisory.

[4.18.0-348.7.1_5.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-348.7.1_5]
- sched: Fix CPU hotplug / tighten is_per_cpu_kthread() (Waiman Long) [2026450 2024869]
- sched: Prepare to use balance_push in ttwu() (Waiman Long) [2026450 2024869]
- sched: Don't run cpu-online with balance_push() enabled (Waiman Long) [2026450 2024869]
- workqueue: Tag bound workers with KTHREAD_IS_PER_CPU (Waiman Long) [2026450 2024869]
- workqueue: Use cpu_possible_mask instead of cpu_active_mask to break affinity (Waiman Long) [2026450 2024869]
- sched: Fix hotplug vs CPU bandwidth control (Waiman Long) [2026450 2024869]
- workqueue: Manually break affinity on hotplug (Waiman Long) [2026450 2024869]
- sched/hotplug: Consolidate task migration on CPU unplug (Waiman Long) [2026450 2024869]
- sched/core: Wait for tasks being pushed away on hotplug (Waiman Long) [2026450 2024869]

[4.18.0-348.6.1_5]
- x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically (Prarit Bhargava) [2024678 2021219]

[4.18.0-348.5.1_5]
- blk-mq: still set q->make_request_fn for blk-mq (Ming Lei) [2016384 1999728]

[4.18.0-348.4.1_5]
- [RHEL8.6 BZ 1849234] cifs: report error instead of invalid when revalidating a dentry fails (Ronnie Sahlberg) [2017177 1849234]
- kthread: Fix PF_KTHREAD vs to_kthread() race (Waiman Long) [2010333 2001497]
- sched/fair: Ignore percpu threads for imbalance pulls (Waiman Long) [2010333 2001497]
- kthread: Extract KTHREAD_IS_PER_CPU (Waiman Long) [2010333 2001497]
- sched: Optimize finish_lock_switch() (Waiman Long) [2010333 2001497]
- sched/hotplug: Ensure only per-cpu kthreads run during hotplug (Waiman Long) [2010333 2001497]
- sched: Fix balance_callback() (Waiman Long) [2010333 2001497]

[4.18.0-348.3.1_5]
- net-sysfs: try not to restart the syscall if it will fail eventually (Antoine Tenart) [2021165 2016005]
- ovl: fix missing negative dentry check in ovl_rename() (Miklos Szeredi) [2016378 2010887 2013318] {CVE-2021-20321}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-5227.html

Plugin Details

Severity: Medium

ID: 156243

File Name: oraclelinux_ELSA-2021-5227.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/21/2021

Updated: 11/1/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-20321

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-abi-stablelists, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 12/22/2021

Vulnerability Publication Date: 10/28/2021

Reference Information

CVE: CVE-2021-20321