Detections
Analytics

Oracle Linux 9 : kernel (ELSA-2023-7749)

high Nessus Plugin ID 187270

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7749 advisory.

 - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569}
 - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569}
 - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569}
 - x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569}
 - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569}
 - x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569}
 - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569}
 - x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569}
 - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569}
 - x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569}
 - x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569}
 - x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569}
 - objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569}
 - x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569}
 - x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569}
 - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569}
 - objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569}
 - x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569}
 - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569}
 - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569}
 - x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569}
 - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588}
 - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569}
 - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593}
 - driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569}
 - x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569}
 - x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569}
 - driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569}
 - Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569}
 - driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569}
 - Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569}
 - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588}
 - x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569}
 - x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569}
 - redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569}
 - x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569}
 - x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569}
 - x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569}
 - x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569}
 - x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569}
 - objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569}
 - objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569}
 - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569}
 - objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-7749.html

Plugin Details

Severity: High

ID: 187270

File Name: oraclelinux_ELSA-2023-7749.nasl

Version: 1.3

Type: local

Agent: unix

Published: 12/22/2023

Updated: 11/2/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5345

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:rtla, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, p-cpe:/a:oracle:linux:kernel-tools, cpe:/o:oracle:linux:9:3:baseos_patch, p-cpe:/a:oracle:linux:kernel-debug-devel, cpe:/a:oracle:linux:9::appstream, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-debug-modules-core, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-debug-devel-matched, p-cpe:/a:oracle:linux:kernel-abi-stablelists, cpe:/a:oracle:linux:9::codeready_builder, p-cpe:/a:oracle:linux:kernel-devel-matched, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-modules-core, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, cpe:/o:oracle:linux:9::baseos_latest, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/22/2023

Vulnerability Publication Date: 8/3/2023

Reference Information

CVE: CVE-2023-1192, CVE-2023-20569, CVE-2023-45871, CVE-2023-5345