Oracle Linux 7 : kernel (ELSA-2019-2029)

high Nessus Plugin ID 180763

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2029 advisory.

- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712861] {CVE-2019-11810}
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719915] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719915] {CVE-2019-11479}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719595] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719595] {CVE-2019-11477}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719850] {CVE-2019-11478}
- [mm] mincore.c: make mincore() more conservative (Rafael Aquini) [1664199] {CVE-2019-5489}
- [kernel] alarmtimer: Prevent overflow for relative nanosleep (Artem Savkov) [1653677] {CVE-2018-13053}
- [fs] ext4: zero out the unused memory region in the extent tree block (Lukas Czerner) [1715280] {CVE-2019-11833}
- [vhost] vsock: add weight support (Jason Wang) [1702943] {CVE-2019-3900}
- [vhost] vhost_net: fix possible infinite loop (Jason Wang) [1702943] {CVE-2019-3900}
- [vhost] introduce vhost_exceeds_weight() (Jason Wang) [1702943] {CVE-2019-3900}
- [vhost] vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [1702943] {CVE-2019-3900}
- [vhost] vhost_net: use packet weight for rx handler, too (Jason Wang) [1702943] {CVE-2019-3900}
- [vhost] vhost-net: set packet weight of tx polling to 2 * vq size (Jason Wang) [1702943] {CVE-2019-3900}
- [x86] kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (Paolo Bonzini) [1657358] {CVE-2018-10853}
- [x86] kvm: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system (Paolo Bonzini) [1657358] {CVE-2018-10853}
- [x86] kvm: x86: introduce linear_{read,write}_system (Paolo Bonzini) [1657358] {CVE-2018-10853}
- [char] ipmi_si: fix use-after-free of resource->name (Tony Camuso) [1714408] {CVE-2019-11811}
- [fs] sunrpc: make visible processing error in bc_svc_process() ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [fs] sunrpc: remove unused xpo_prep_reply_hdr callback ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [fs] sunrpc: remove svc_tcp_bc_class ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [fs] sunrpc: replace svc_serv->sv_bc_xprt by boolean flag ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [fs] sunrpc: use-after-free in svc_process_common() ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [fs] svcauth_gss: Close connection when dropping an incoming message ('J. Bruce Fields') [1653675] {CVE-2018-16884}
- [x86] spectre: Fix an error message (Waiman Long) [1709296 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Fix documentation typo (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] Correct the possible MDS sysfs values (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/mds: Add MDSUM variant to the MDS documentation (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add 'mitigations=' support for MDS (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] s390/speculation: Support 'mitigations=' cmdline option (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] powerpc/speculation: Support 'mitigations=' cmdline option (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation: Support 'mitigations=' cmdline option (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spectre: Simplify spectre_v2 command line parsing (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Properly set/clear mds_idle_clear static key (Waiman Long) [1709296 1690358 1690348 1690335 1707292] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Fix comment (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add SMT warning message (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1709296 1690358 1690348 1690335 1710501 1710498] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] documentation: Add MDS vulnerability documentation (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] documentation: Move L1TF to separate directory (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add mitigation control for MDS (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [documentation] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Consolidate CPU whitelists (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] msr-index: Cleanup bit defines (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] l1tf: Show actual SMT state (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [kernel] x86/speculation: Rework SMT state change (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] spec_ctrl: Add casting to fix compilation error (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [tools] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}
- [x86] cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1709296 1690358 1690348 1690335] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2019-2029.html

Plugin Details

Severity: High

ID: 180763

File Name: oraclelinux_ELSA-2019-2029.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-9517

CVSS v3

Risk Factor: High

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-9363

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:perf, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/13/2019

Vulnerability Publication Date: 1/18/2018

Reference Information

CVE: CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222