Oracle Linux 5 : kernel (ELSA-2019-4702)

medium Nessus Plugin ID 180633

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4702 advisory.

- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}
- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}
- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}
- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}
- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]
- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}
- [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2019-4702.html

Plugin Details

Severity: Medium

ID: 180633

File Name: oraclelinux_ELSA-2019-4702.nasl

Version: 1.4

Type: local

Agent: unix

Published: 9/7/2023

Updated: 11/1/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2019-11091

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:oracleasm-2.6.18-419.0.0.0.13.el5xen, p-cpe:/a:oracle:linux:oracleasm-2.6.18-419.0.0.0.13.el5pae, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:kernel-xen, p-cpe:/a:oracle:linux:ocfs2-2.6.18-419.0.0.0.13.el5, p-cpe:/a:oracle:linux:ocfs2-2.6.18-419.0.0.0.13.el5pae, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:oracleasm-2.6.18-419.0.0.0.13.el5debug, p-cpe:/a:oracle:linux:kernel-pae-devel, p-cpe:/a:oracle:linux:ocfs2-2.6.18-419.0.0.0.13.el5debug, p-cpe:/a:oracle:linux:kernel-xen-devel, p-cpe:/a:oracle:linux:kernel-pae, p-cpe:/a:oracle:linux:oracleasm-2.6.18-419.0.0.0.13.el5, p-cpe:/a:oracle:linux:ocfs2-2.6.18-419.0.0.0.13.el5xen, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/4/2019

Vulnerability Publication Date: 5/7/2019

Reference Information

CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

IAVA: 2019-A-0166