Detections
Analytics

Oracle Linux 7 : kernel (ELSA-2022-0063)

medium Nessus Plugin ID 156664

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0063 advisory.

 [3.10.0-1160.53.1.OL7]
 - Update Oracle Linux certificates (Ilya Okomin)
 - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
 - Update x509.genkey [Orabug: 24817676]
 - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

 [3.10.0-1160.53.1]
 - fuse: fix live lock in fuse_iget() (Miklos Szeredi) [1952046]
 - fuse: fix bad inode (Miklos Szeredi) [1952046]
 - GFS2: Truncate address space mapping when deleting an inode (Bob Peterson) [1364234]
 - gfs2: Fix gfs2_testbit to use clone bitmaps (Bob Peterson) [1364234]
 - gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Bob Peterson) [1364234]
 - gfs2: Fix oversight in gfs2_ail1_flush (Bob Peterson) [1364234]
 - gfs2: Additional information when gfs2_ail1_flush withdraws (Bob Peterson) [1364234]
 - gfs2: leaf_dealloc needs to allocate one more revoke (Bob Peterson) [1364234]
 - gfs2: allow journal replay to hold sd_log_flush_lock (Bob Peterson) [1364234]
 - gfs2: don't allow releasepage to free bd still used for revokes (Bob Peterson) [1364234]
 - gfs2: flesh out delayed withdraw for gfs2_log_flush (Bob Peterson) [1364234]
 - gfs2: Do proper error checking for go_sync family of glops functions (Bob Peterson) [1364234]
 - gfs2: drain the ail2 list after io errors (Bob Peterson) [1364234]
 - gfs2: Withdraw in gfs2_ail1_flush if write_cache_pages fails (Bob Peterson) [1364234]
 - gfs2: Do log_flush in gfs2_ail_empty_gl even if ail list is empty (Bob Peterson) [1364234]
 - gfs2: Check for log write errors before telling dlm to unlock (Bob Peterson) [1364234]
 - gfs2: Prepare to withdraw as soon as an IO error occurs in log write (Bob Peterson) [1364234]
 - gfs2: Issue revokes more intelligently (Bob Peterson) [1364234]
 - gfs2: Add verbose option to check_journal_clean (Bob Peterson) [1364234]
 - gfs2: fix infinite loop when checking ail item count before go_inval (Bob Peterson) [1364234]
 - gfs2: Force withdraw to replay journals and wait for it to finish (Bob Peterson) [1364234]
 - gfs2: Allow some glocks to be used during withdraw (Bob Peterson) [1364234]
 - gfs2: move check_journal_clean to util.c for future use (Bob Peterson) [1364234]
 - gfs2: Ignore dlm recovery requests if gfs2 is withdrawn (Bob Peterson) [1364234]
 - gfs2: Only complain the first time an io error occurs in quota or log (Bob Peterson) [1364234]
 - gfs2: log error reform (Bob Peterson) [1364234]
 - gfs2: Rework how rgrp buffer_heads are managed (Bob Peterson) [1364234]
 - gfs2: clear ail1 list when gfs2 withdraws (Bob Peterson) [1364234]
 - gfs2: Introduce concept of a pending withdraw (Bob Peterson) [1364234]
 - gfs2: Return bool from gfs2_assert functions (Bob Peterson) [1364234]
 - gfs2: Turn gfs2_consist into void functions (Bob Peterson) [1364234]
 - gfs2: Remove usused cluster_wide arguments of gfs2_consist functions (Bob Peterson) [1364234]
 - gfs2: Report errors before withdraw (Bob Peterson) [1364234]
 - gfs2: Split gfs2_lm_withdraw into two functions (Bob Peterson) [1364234]
 - gfs2: Fix incorrect variable name (Bob Peterson) [1364234]
 - gfs2: Don't write log headers after file system withdraw (Bob Peterson) [1364234]
 - gfs2: clean up iopen glock mess in gfs2_create_inode (Bob Peterson) [1364234]
 - gfs2: Close timing window with GLF_INVALIDATE_IN_PROGRESS (Bob Peterson) [1364234]
 - gfs2: fix infinite loop in gfs2_ail1_flush on io error (Bob Peterson) [1364234]
 - gfs2: Introduce function gfs2_withdrawn (Bob Peterson) [1364234]
 - gfs2: replace more printk with calls to fs_info and friends (Bob Peterson) [1364234]
 - gfs2: dump fsid when dumping glock problems (Bob Peterson) [1364234]
 - gfs2: simplify gfs2_freeze by removing case (Bob Peterson) [1364234]
 - gfs2: Rename SDF_SHUTDOWN to SDF_WITHDRAWN (Bob Peterson) [1364234]
 - gfs2: Warn when a journal replay overwrites a rgrp with buffers (Bob Peterson) [1364234]
 - gfs2: log which portion of the journal is replayed (Bob Peterson) [1364234]
 - gfs2: slow the deluge of io error messages (Bob Peterson) [1364234]
 - gfs2: Don't withdraw under a spin lock (Bob Peterson) [1364234]
 - GFS2: Clear gl_object when deleting an inode in gfs2_delete_inode (Bob Peterson) [1364234]
 - gfs2: Use fs_* functions instead of pr_* function where we can (Bob Peterson) [1364234] more consistently (Bob Peterson) [1364234]

 [3.10.0-1160.52.1]
 - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (David Arcari) [2019588]
 - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [2019218]
 - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (David Arcari) [2019218]
 - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Stefan Assmann) [1977246]
 - i40e: Fix virtchnl_queue_select bitmap validation (Stefan Assmann) [1977246]

 [3.10.0-1160.51.1]
 - mm, fs: Fix do_generic_file_read() error return (Carlos Maiolino) [2020857]
 - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (Michael Petlan) [1901932]

 [3.10.0-1160.50.1]
 - tcp: grow window for OOO packets only for SACK flows (Guillaume Nault) [1990665]
 - scsi: mpt3sas: Fix unlock imbalance (Tomas Henzl) [2006536]
 - pci-hyperv: Fix setting CPU affinity on Azure (Vitaly Kuznetsov) [2019272]
 - media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() (Lucas Zampieri) [1956471] {CVE-2021-42739}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2022-0063.html

Plugin Details

Severity: Medium

ID: 156664

File Name: oraclelinux_ELSA-2022-0063.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/12/2022

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-42739

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:perf, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 1/11/2022

Vulnerability Publication Date: 11/11/2020

Reference Information

CVE: CVE-2020-25704, CVE-2020-36322, CVE-2021-42739