Oracle Linux 9 : kernel (ELSA-2024-8617)

medium Nessus Plugin ID 210013

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-8617 advisory.

- redhat/configs: Add CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- KVM: x86: Add BHI_NO (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201}
- scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-39539 RHEL-39601 RHEL-33543 RHEL-35000] {CVE-2024-26935}
- tty: Fix out-of-bound vmalloc access in imageblit (Andrew Halaney) [RHEL-42095 RHEL-24205] {CVE-2021-47383}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54769 RHEL-54768] {CVE-2024-43854}
- netfilter: nft_inner: validate mandatory meta and payload (Phil Sutter) [RHEL-47488 RHEL-47486] {CVE-2024-39504}
- netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58546 RHEL-58544] {CVE-2024-45018}
- ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972}
- ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972}
- ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998}
- ext4: turn quotas off if mount failed after enabling quotas (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998}
- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-59920 RHEL-32669] {CVE-2024-26826}
- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50864 RHEL-50862] {CVE-2024-41014}
- af_unix: Fix garbage collector racing against connect() (Davide Caratti) [RHEL-42771 RHEL-33410] {CVE-2024-26923}
- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50887 RHEL-50885] {CVE-2024-41013}
- ipv6: prevent possible NULL dereference in rt6_probe() (Hangbin Liu) [RHEL-48161 RHEL-45826] {CVE-2024-40960}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-42795 RHEL-34969] {CVE-2024-26961}
- mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47945 RHEL-47943] {CVE-2024-40931}
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47560 RHEL-47558] {CVE-2024-40904}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46481 RHEL-46479] {CVE-2024-39472}
- tcp: add sanity checks to rx zerocopy (Paolo Abeni) [RHEL-58403 RHEL-29496] {CVE-2024-26640}
- netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49373 RHEL-49371] {CVE-2024-41005}
- wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48321 RHEL-48319] {CVE-2024-40977}
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Davide Caratti) [RHEL-48483 RHEL-44375] {CVE-2024-40995}
- net/sched: taprio: extend minimum interval restriction to entire cycle too (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-8617.html

Plugin Details

Severity: Medium

ID: 210013

File Name: oraclelinux_ELSA-2024-8617.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/31/2024

Updated: 11/2/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

CVSS Score Source: CVE-2024-45018

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:rtla, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-cross-headers, p-cpe:/a:oracle:linux:kernel-debug-modules, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:rv, p-cpe:/a:oracle:linux:kernel-debug-devel, cpe:/a:oracle:linux:9::appstream, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel-debug-uki-virt, p-cpe:/a:oracle:linux:kernel-debug-modules-core, p-cpe:/a:oracle:linux:kernel-modules, p-cpe:/a:oracle:linux:kernel-debug-devel-matched, p-cpe:/a:oracle:linux:kernel-abi-stablelists, cpe:/a:oracle:linux:9::codeready_builder, p-cpe:/a:oracle:linux:kernel-devel-matched, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-core, p-cpe:/a:oracle:linux:kernel-modules-core, p-cpe:/a:oracle:linux:kernel-uki-virt, p-cpe:/a:oracle:linux:libperf, p-cpe:/a:oracle:linux:kernel-debug-modules-extra, p-cpe:/a:oracle:linux:python3-perf, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-debug-core, cpe:/o:oracle:linux:9:4:baseos_patch, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-modules-extra, cpe:/o:oracle:linux:9::baseos_latest, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 10/30/2024

Vulnerability Publication Date: 2/15/2024

Reference Information

CVE: CVE-2021-47383, CVE-2024-2201, CVE-2024-26640, CVE-2024-26826, CVE-2024-26923, CVE-2024-26935, CVE-2024-26961, CVE-2024-36244, CVE-2024-39472, CVE-2024-39504, CVE-2024-40904, CVE-2024-40931, CVE-2024-40960, CVE-2024-40972, CVE-2024-40977, CVE-2024-40995, CVE-2024-40998, CVE-2024-41005, CVE-2024-41013, CVE-2024-41014, CVE-2024-43854, CVE-2024-45018

IAVA: 2024-A-0228-S