Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)

high Nessus Plugin ID 163036

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory.

- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}
- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug:
34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2022-9590.html

Plugin Details

Severity: High

ID: 163036

File Name: oraclelinux_ELSA-2022-9590.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/12/2022

Updated: 10/23/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-1652

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 7/12/2022

Vulnerability Publication Date: 6/2/2022

Reference Information

CVE: CVE-2022-1652, CVE-2022-23816, CVE-2022-29901