Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12813)

high Nessus Plugin ID 210882

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12813 advisory.

- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863}
- mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug:
36683094] {CVE-2024-36028}
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829}
- nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737}
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug:
37116413] {CVE-2024-46822}
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug:
37074677] {CVE-2024-46780}
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug:
37074473] {CVE-2024-46739}
- binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740}
- staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug:
37159728] {CVE-2024-47663}
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug:
37074488] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744}
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745}
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747}
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840}
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755}
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug:
37074571] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761}
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844}
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783}
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771}
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug:
37159750] {CVE-2024-47667}
- udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777}
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781}
- sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Hoiland-Jorgensen) [Orabug:
37116443] {CVE-2024-46828}
- ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782}
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800}
- virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835}
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug:
36964515] {CVE-2024-43854}
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714}
- usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719}
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721}
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723}
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815}
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug:
37116376] {CVE-2024-46817}
- drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818}
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673}
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug:
37070705] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug:
37070710] {CVE-2024-46675}
- nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676}
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677}
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679}
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853}
- ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098}
- drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011}
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug:
36898009] {CVE-2024-42228} (Alexander Lobakin)
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug:
36654191] {CVE-2023-31083}
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987}
- netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016}
- net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988}
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946}
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999}
- net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995}
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998}
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021}
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025}
- vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003}
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug:
37070687] {CVE-2024-45026}
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug:
37029125] {CVE-2024-45006}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947}
- wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2024-12813.html

Plugin Details

Severity: High

ID: 210882

File Name: oraclelinux_ELSA-2024-12813.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/13/2024

Updated: 11/13/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46844

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:oracle:linux:8:10:baseos_patch, cpe:/o:oracle:linux:8::baseos_latest, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:perf, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:python-perf, cpe:/a:oracle:linux:8::uekr6, cpe:/a:oracle:linux:7::uekr6, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek-tools-libs, p-cpe:/a:oracle:linux:kernel-uek

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/12/2024

Vulnerability Publication Date: 4/24/2023

Reference Information

CVE: CVE-2023-31083, CVE-2024-26951, CVE-2024-36028, CVE-2024-41011, CVE-2024-41098, CVE-2024-42228, CVE-2024-43835, CVE-2024-43853, CVE-2024-43854, CVE-2024-43884, CVE-2024-44946, CVE-2024-44947, CVE-2024-44987, CVE-2024-44988, CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003, CVE-2024-45006, CVE-2024-45008, CVE-2024-45016, CVE-2024-45021, CVE-2024-45025, CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46674, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46737, CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46747, CVE-2024-46750, CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46761, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46798, CVE-2024-46800, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818, CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46840, CVE-2024-46844, CVE-2024-47663, CVE-2024-47667, CVE-2024-47668, CVE-2024-47669, CVE-2024-49863, CVE-2024-49958