Detections
Analytics
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12868)
high Nessus Plugin ID 212202
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12868 advisory.- ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug:
37199021] {CVE-2024-49958}
- rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116447] {CVE-2024-46829}
- nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug:
37074678] {CVE-2024-46780}
- of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug:
37074490] {CVE-2024-46743}
- Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074496] {CVE-2024-46744}
- Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074504] {CVE-2024-46745}
- PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074533] {CVE-2024-46750}
- btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116495] {CVE-2024-46840}
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074562] {CVE-2024-46755}
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074567] {CVE-2024-46756}
- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug:
37074572] {CVE-2024-46757}
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074580] {CVE-2024-46758}
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074586] {CVE-2024-46759}
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074596] {CVE-2024-46761}
- um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116519] {CVE-2024-46844}
- can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074626] {CVE-2024-46771}
- nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159766] {CVE-2024-47669}
- nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074685] {CVE-2024-46781}
- sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074727] {CVE-2024-46800}
- ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check (Hillf Danton) [Orabug: 30562949] {CVE-2019-15222}
- block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug:
36964517] {CVE-2024-43854}
- apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073079] {CVE-2024-46721}
- drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073084] {CVE-2024-46722}
- drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073089] {CVE-2024-46723}
- scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070701] {CVE-2024-46673}
- usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug:
37070706] {CVE-2024-46674}
- usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug:
37070711] {CVE-2024-46675}
- gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070723] {CVE-2024-46677}
- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- fbcon: Prevent that screen size is smaller than font size (Helge Deller) [Orabug: 34408909] {CVE-2021-33655}
- memcg: enable accounting of ipc resources (Vasily Averin) [Orabug: 34214321] {CVE-2021-3759}
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964511] {CVE-2024-43853}
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070745] {CVE-2024-46685}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug:
36898010] {CVE-2024-42228}
- Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029138] {CVE-2024-45008}
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug:
36654193] {CVE-2023-31083}
- Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992977] {CVE-2024-43884}
- mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070692] {CVE-2024-45028}
- ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029077] {CVE-2024-44987}
- kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013762] {CVE-2024-44946}
- gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029112] {CVE-2024-44999}
- atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029106] {CVE-2024-44998}
- memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070673] {CVE-2024-45021}
- fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017952] {CVE-2024-44947}
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720418] {CVE-2024-36971}
- exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984018] {CVE-2024-43882}
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953970] {CVE-2024-42259}
- x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028937] {CVE-2024-44948}
- tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992999] {CVE-2024-43890}
- serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993010] {CVE-2024-43893}
- tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37242882] {CVE-2024-44968}
- usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028989] {CVE-2024-44960}
- usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug:
36992972] {CVE-2024-43883}
- ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028959] {CVE-2024-44954}
- md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993128] {CVE-2024-43914}
- net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983960] {CVE-2024-43861}
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963809] {CVE-2024-42265}
- net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964007] {CVE-2024-42271}
- remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug:
36964539] {CVE-2024-43860}
- devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983992] {CVE-2024-43871}
- dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964224] {CVE-2024-42301}
- mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897804] {CVE-2024-42131}
- mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964033] {CVE-2024-42280}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964048] {CVE-2024-42284}
- dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964524] {CVE-2024-43856}
- jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964531] {CVE-2024-43858}
- nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964204] {CVE-2024-42295}
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964055] {CVE-2024-42285}
- scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964081] {CVE-2024-42289}
- f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964214] {CVE-2024-42297}
- ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964233] {CVE-2024-42304}
- ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964238] {CVE-2024-42305}
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964254] {CVE-2024-42309}
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964261] {CVE-2024-42310}
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964266] {CVE-2024-42311}
- media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964276] {CVE-2024-42313}
- netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013756] {CVE-2024-44944}
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964481] {CVE-2024-43839}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 212202
File Name: oraclelinux_ELSA-2024-12868.nasl
Version: 1.1
Type: local
Agent: unix
Published: 12/9/2024
Updated: 12/9/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2019-15222
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CVSS Score Source: CVE-2024-50074
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:perf, cpe:/a:oracle:linux:7::latest, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel, p-cpe:/a:oracle:linux:python-perf, cpe:/a:oracle:linux:7::uekr5, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/a:oracle:linux:7::optional_latest, p-cpe:/a:oracle:linux:kernel-uek-tools-libs, p-cpe:/a:oracle:linux:kernel-uek, cpe:/a:oracle:linux:7:9:patch, cpe:/a:oracle:linux:7::developer_uekr5
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/6/2024
Vulnerability Publication Date: 8/19/2019
CISA Known Exploited Vulnerability Due Dates: 8/28/2024
Reference Information
CVE: CVE-2019-15222, CVE-2021-33655, CVE-2021-3759, CVE-2023-31083, CVE-2024-36971, CVE-2024-42131, CVE-2024-42228, CVE-2024-42259, CVE-2024-42265, CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-42285, CVE-2024-42289, CVE-2024-42295, CVE-2024-42297, CVE-2024-42301, CVE-2024-42304, CVE-2024-42305, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42313, CVE-2024-43839, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861, CVE-2024-43871, CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43890, CVE-2024-43893, CVE-2024-43914, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44954, CVE-2024-44960, CVE-2024-44968, CVE-2024-44987, CVE-2024-44998, CVE-2024-44999, CVE-2024-45008, CVE-2024-45021, CVE-2024-45028, CVE-2024-46673, CVE-2024-46674, CVE-2024-46675, CVE-2024-46677, CVE-2024-46685, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46750, CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46761, CVE-2024-46771, CVE-2024-46780, CVE-2024-46781, CVE-2024-46800, CVE-2024-46829, CVE-2024-46840, CVE-2024-46844, CVE-2024-47669, CVE-2024-47696, CVE-2024-47709, CVE-2024-49958, CVE-2024-50074