Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12842)

critical Nessus Plugin ID 182443

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12842 advisory.

- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug:
35814273] {CVE-2023-4206}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611}
- rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024}
- xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772}
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug:
35732892] {CVE-2023-4459}
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug:
35732764] {CVE-2023-4387}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug:
35636313] {CVE-2023-3776}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug:
35609787] {CVE-2023-35001}
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-12842.html

Plugin Details

Severity: Critical

ID: 182443

File Name: oraclelinux_ELSA-2023-12842.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/3/2023

Updated: 10/23/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-34918

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2023-4206

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVSS Score Source: CVE-2023-3776

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/a:oracle:linux:7::uekr4, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/a:oracle:linux:6:10:uekr4_els, p-cpe:/a:oracle:linux:kernel-uek, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/3/2023

Vulnerability Publication Date: 7/4/2022

Exploitable With

Core Impact

Metasploit (Netfilter nft_set_elem_init Heap Overflow Privilege Escalation)

Reference Information

CVE: CVE-2022-34918, CVE-2023-22024, CVE-2023-2513, CVE-2023-35001, CVE-2023-3611, CVE-2023-3772, CVE-2023-3776, CVE-2023-4206, CVE-2023-4387, CVE-2023-4459