Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-4509.NASLHistoryJan 16, 2019 - 12:00 a.m.
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4509)
2019-01-1600:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
130
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4509 advisory.
-
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
(CVE-2018-5848) -
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)
-
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
-
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (CVE-2018-8043)
-
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. (CVE-2018-19824)
-
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. (CVE-2018-19407)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4509.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(121201);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");
script_cve_id(
"CVE-2018-5848",
"CVE-2018-7755",
"CVE-2018-8043",
"CVE-2018-10322",
"CVE-2018-19407",
"CVE-2018-19824"
);
script_name(english:"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4509)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-4509 advisory.
- In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow
properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android
releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
(CVE-2018-5848)
- The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows
local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a
crafted xfs image. (CVE-2018-10322)
- An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel
through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM
ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the
location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
- The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8
does not validate certain resource availability, which allows local users to cause a denial of service
(NULL pointer dereference). (CVE-2018-8043)
- In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by
supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in
sound/usb/card.c. (CVE-2018-19824)
- The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users
to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a
situation where ioapic is uninitialized. (CVE-2018-19407)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-4509.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5848");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2019/01/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['4.14.35-1844.1.3.el7uek'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4509');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '4.14';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'kernel-uek-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},
{'reference':'kernel-uek-4.14.35-1844.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},
{'reference':'kernel-uek-debug-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},
{'reference':'kernel-uek-debug-4.14.35-1844.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},
{'reference':'kernel-uek-debug-devel-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},
{'reference':'kernel-uek-debug-devel-4.14.35-1844.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},
{'reference':'kernel-uek-devel-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},
{'reference':'kernel-uek-devel-4.14.35-1844.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},
{'reference':'kernel-uek-doc-4.14.35-1844.1.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},
{'reference':'kernel-uek-headers-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},
{'reference':'kernel-uek-tools-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},
{'reference':'kernel-uek-tools-4.14.35-1844.1.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},
{'reference':'kernel-uek-tools-libs-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},
{'reference':'kernel-uek-tools-libs-devel-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},
{'reference':'perf-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-4.14.35-1844.1.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 7 | cpe:/o:oracle:linux:7 |
| oracle | linux | kernel-uek | p-cpe:/a:oracle:linux:kernel-uek |
| oracle | linux | kernel-uek-debug | p-cpe:/a:oracle:linux:kernel-uek-debug |
| oracle | linux | kernel-uek-debug-devel | p-cpe:/a:oracle:linux:kernel-uek-debug-devel |
| oracle | linux | kernel-uek-devel | p-cpe:/a:oracle:linux:kernel-uek-devel |
| oracle | linux | kernel-uek-doc | p-cpe:/a:oracle:linux:kernel-uek-doc |
| oracle | linux | kernel-uek-headers | p-cpe:/a:oracle:linux:kernel-uek-headers |
| oracle | linux | kernel-uek-tools | p-cpe:/a:oracle:linux:kernel-uek-tools |
| oracle | linux | kernel-uek-tools-libs | p-cpe:/a:oracle:linux:kernel-uek-tools-libs |
| oracle | linux | kernel-uek-tools-libs-devel | p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8043
linux.oracle.com/errata/ELSA-2019-4509.html
Related
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-01-15 00:00:00
Unbreakable Enterprise kernel security update
2018-12-11 00:00:00
Unbreakable Enterprise kernel security update
2019-01-15 00:00:00
nessus
nessus
Photon OS 2.0: Linux PHSA-2018-2.0-0073 (deprecated)
2018-08-17 00:00:00
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3879-2)
2019-02-05 00:00:00
Amazon Linux AMI : kernel (ALAS-2019-1279)
2019-09-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:18:34
Information Disclosure
2019-08-08 00:07:18
Privilege Escalation
2021-02-10 06:05:27
openvas
openvas
Ubuntu: Security Advisory (USN-3879-1)
2019-02-05 00:00:00
Fedora Update for kernel FEDORA-2018-2645eb8dab
2019-05-07 00:00:00
Ubuntu: Security Advisory (USN-3879-2)
2019-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-4.19.9-300.fc29
2018-12-18 03:07:10
[SECURITY] Fedora 29 Update: kernel-4.19.14-300.fc29
2019-01-15 02:34:33
[SECURITY] Fedora 29 Update: kernel-4.19.7-300.fc29
2018-12-11 02:43:47
prion
prion
Null pointer dereference
2018-11-21 00:29:00
Code injection
2018-03-08 07:29:00
Null pointer dereference
2018-03-10 22:29:00
redhatcve
redhatcve
debiancve
debiancve
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0169
2018-07-31 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0073
2018-07-19 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0073
2018-07-19 00:00:00
cve
cve
ubuntucve
ubuntucve
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-02-04 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2019-02-04 00:00:00
Linux kernel vulnerability
2018-04-23 00:00:00
cloudfoundry
cloudfoundry
USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-02-15 00:00:00
osv
osv
CVE-2018-10322
2018-04-24 06:29:00
CVE-2018-5848
2018-06-12 20:29:00
amazon
amazon
f5
f5
K93554290 : Linux kernel vulnerability CVE-2018-19407
2019-02-04 00:00:00
K98155950 : Linux kernel vulnerability CVE-2018-19824
2019-04-01 00:00:00
K03007515 : Linux kernel vulnerabilities CVE-2018-7755 and CVE-2019-14283
2022-05-19 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-04-17 18:07:39
Security update for the Linux Kernel (important)
2019-02-06 00:00:00
Security update for the Linux Kernel (important)
2019-01-18 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-10-27 12:45:46
Related for ORACLELINUX_ELSA-2019-4509.NASL