Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2022-9710.NASLHistoryAug 16, 2022 - 12:00 a.m.
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)
2022-08-1600:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.7 High
AI Score
Confidence
High
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9710 advisory.
-
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)
-
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2022-9710.
##
include('compat.inc');
if (description)
{
script_id(164136);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2022-2153",
"CVE-2022-2588",
"CVE-2022-21505",
"CVE-2022-29901"
);
script_name(english:"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2022-9710 advisory.
- Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their
retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can
hijack return instructions to achieve arbitrary speculative code execution under certain
microarchitecture-dependent conditions. (CVE-2022-29901)
- A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it
possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This
flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel
oops condition that results in a denial of service. (CVE-2022-2153)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2022-9710.html");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29901");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-2588");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/12");
script_set_attribute(attribute:"patch_publication_date", value:"2022/08/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-container");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-container-debug");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^(7|8)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['5.4.17-2136.310.7.el7', '5.4.17-2136.310.7.el8'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9710');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '5.4';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'kernel-uek-container-5.4.17-2136.310.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},
{'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},
{'reference':'kernel-uek-container-5.4.17-2136.310.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},
{'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');
}
Related
nessus
nessus
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)
2022-08-16 00:00:00
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9602)
2022-07-19 00:00:00
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9609)
2022-07-19 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-08-15 00:00:00
Unbreakable Enterprise kernel security update
2022-08-15 00:00:00
Unbreakable Enterprise kernel security update
2022-07-19 00:00:00
amazon
amazon
Important: kernel
2022-09-01 21:09:00
Important: kernel
2022-09-01 21:09:00
Important: kernel
2022-09-30 02:41:00
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
veracode
veracode
Authentication Bypass
2023-05-01 22:43:24
Denial Of Service (DoS)
2022-11-19 16:21:40
Authentication Bypass
2022-11-10 00:24:39
debiancve
debiancve
prion
prion
Null pointer dereference
2022-08-31 16:15:00
Design/Logic Flaw
2022-07-12 19:15:00
Design/Logic Flaw
2024-01-08 18:15:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-08-10 00:00:00
Linux kernel vulnerability
2022-08-30 00:00:00
Linux kernel vulnerabilities
2022-08-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5565-1)
2022-08-26 00:00:00
Mageia: Security Advisory (MGASA-2022-0279)
2022-08-08 00:00:00
Ubuntu: Security Advisory (USN-5588-1)
2022-09-05 00:00:00
osv
osv
linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
2022-08-10 17:37:09
linux vulnerability
2022-08-30 14:13:15
Important: kernel security, bug fix, and enhancement update
2022-10-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-2153 affecting package kernel 5.10.134.1-2
2022-10-04 07:51:40
CVE-2022-2153 affecting package kernel 5.15.57.1-3
2022-10-05 23:34:27
CVE-2022-2588 affecting package kernel 5.15.148.2-2
2024-04-09 20:48:36
intel
intel
Intel® Processors Return Stack Buffer Underflow Advisory
2022-07-12 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-08-06 18:43:47
Updated kernel packages fix security vulnerabilities
2022-08-06 18:43:47
f5
f5
K32615023 : Linux kernel vulnerability CVE-2022-2588
2022-10-20 00:00:00
K57185580 : RetBleed CPU vulnerability CVE-2022-29900
2022-08-02 00:00:00
K83713003 : RetBleed CPU vulnerability CVE-2022-29901
2022-08-02 00:00:00
redhat
redhat
(RHSA-2022:7171) Important: kernel security and bug fix update
2022-10-25 12:36:50
(RHSA-2023:4023) Important: kpatch-patch security update
2023-07-11 07:39:10
(RHSA-2022:7137) Important: kpatch-patch security update
2022-10-25 07:52:27
zdi
zdi
githubexploit
githubexploit
Exploit for Double Free in Linux Linux Kernel
2023-03-09 21:29:56
Exploit for Double Free in Linux Linux Kernel
2022-12-04 22:10:57
Exploit for CVE-2022-2588
2022-09-18 21:35:19
almalinux
almalinux
Important: kernel-rt security and bug fix update
2022-10-25 00:00:00
Important: kernel security, bug fix, and enhancement update
2022-10-25 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-10-25 07:38:43
kernel security, bug fix, and enhancement update
2022-10-25 07:23:52
ibm
ibm
thn
thn
"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered
2022-08-22 13:05:00
New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs
2022-07-13 14:22:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0248
2022-09-20 00:00:00
Important Photon OS Security Update - PHSA-2022-0226
2022-08-10 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0506
2022-08-10 00:00:00
debian
debian
[SECURITY] [DLA 3102-1] linux-5.10 new package
2022-09-11 19:35:03
[SECURITY] [DSA 5207-1] linux security update
2022-08-15 19:52:20
fedora
fedora
[SECURITY] Fedora 36 Update: kernel-5.18.17-200.fc36
2022-08-14 02:39:58
[SECURITY] Fedora 35 Update: kernel-5.18.17-100.fc35
2022-08-14 03:02:16
[SECURITY] Fedora 36 Update: kernel-5.18.11-200.fc36
2022-07-14 01:49:14
suse
suse
Security update for the Linux Kernel (important)
2022-08-12 00:00:00
Security update for the Linux Kernel (important)
2022-08-09 00:00:00
xen
xen
Retbleed - arbitrary speculative code execution with return instructions
2022-07-12 16:35:00