Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2023-12911.NASL
HistoryOct 14, 2023 - 12:00 a.m.

Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12911)

2023-10-1400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
oracle linux 8
unbreakable enterprise kernel
security vulnerabilities
amd cpus
netfilter subsystem
division-by-zero error
rds module
uek
nessus scan
JSON

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12911 advisory.

  • A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. (CVE-2023-20569)

  • An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h->nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  • A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)

  • In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. (CVE-2023-22024)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2023-12911.
##

include('compat.inc');

if (description)
{
  script_id(183083);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/14");

  script_cve_id(
    "CVE-2023-5090",
    "CVE-2023-20569",
    "CVE-2023-20588",
    "CVE-2023-22024",
    "CVE-2023-42753"
  );

  script_name(english:"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2023-12911)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2023-12911 advisory.

  - A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address
    prediction. This may result in speculative execution at an attacker-controlled?address, potentially
    leading to information disclosure. (CVE-2023-20569)

  - An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro
    could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to
    arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash
    the system or potentially escalate their privileges on the system. (CVE-2023-42753)

  - A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss
    of confidentiality. (CVE-2023-20588)

  - In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options,
    RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can
    use this to crash the kernel. (CVE-2023-22024)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2023-12911.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-42753");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:8::UEKR6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-container-debug");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['5.4.17-2136.324.5.3.el8'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2023-12911');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '5.4';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-uek-container-5.4.17-2136.324.5.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},
    {'reference':'kernel-uek-container-debug-5.4.17-2136.324.5.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');
}
VendorProductVersionCPE
oraclelinux8cpe:/a:oracle:linux:8::uekr6
oraclelinux8cpe:/o:oracle:linux:8
oraclelinuxkernel-uek-containerp-cpe:/a:oracle:linux:kernel-uek-container
oraclelinuxkernel-uek-container-debugp-cpe:/a:oracle:linux:kernel-uek-container-debug

Related

oraclelinux 22
nessus 71
prion 5
redhatcve 4
cvelist 5
cve 5
cbl_mariner 3
debiancve 4
ubuntucve 5
osv 12
openvas 20
veracode 2
amd 2
redhat 15
almalinux 2
rocky 1
xen 2
amazon 2
mscve 2
centos 2
ubuntu 5
cloudfoundry 1
hp 1
f5 1
fedora 3
debian 2
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2023-10-17 00:00:00
Unbreakable Enterprise kernel-container security update
2023-10-13 00:00:00
Unbreakable Enterprise kernel-container security update
2023-10-13 00:00:00
nessus
nessus
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-12910)
2023-10-13 00:00:00
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12874)
2023-10-13 00:00:00
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12858)
2023-10-10 00:00:00
prion
prion
Race condition
2023-11-06 11:15:00
Design/Logic Flaw
2023-09-20 21:15:00
Design/Logic Flaw
2023-08-08 18:15:00
redhatcve
redhatcve
CVE-2023-5090
2023-11-06 10:26:34
CVE-2023-20588
2023-08-08 18:19:38
CVE-2023-42753
2023-09-25 11:25:02
cvelist
cvelist
CVE-2023-22024
2023-09-20 20:39:57
CVE-2023-5090 Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs
2023-11-06 10:56:57
CVE-2023-20588 Speculative Leaks
2023-08-08 17:06:30
cve
cve
CVE-2023-22024
2023-09-20 21:15:11
CVE-2023-5090
2023-11-06 10:56:57
CVE-2023-42753
2023-09-25 20:25:59
cbl_mariner
cbl_mariner
CVE-2023-5090 affecting package kernel for versions less than 5.15.153.1-1
2024-04-09 20:48:36
CVE-2023-42753 affecting package hyperv-daemons for versions less than 5.15.133.1-1
2023-10-11 01:41:59
CVE-2023-42753 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
debiancve
debiancve
CVE-2023-5090
2023-11-06 10:56:57
CVE-2023-42753
2023-09-25 20:25:59
CVE-2023-20569
2023-08-08 18:15:11
ubuntucve
ubuntucve
CVE-2023-5090
2023-11-06 00:00:00
CVE-2023-20569
2023-08-08 00:00:00
CVE-2023-20588
2023-08-08 00:00:00
osv
osv
CVE-2023-20588
2023-08-08 18:15:11
Important: kernel security update
2024-01-10 00:00:00
Important: kernel-rt security update
2024-01-12 19:57:11
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2024:0346)
2024-03-05 00:00:00
openSUSE: Security Advisory for kernel (SUSE-SU-2023:3298-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3362-1)
2023-08-21 00:00:00
veracode
veracode
Information Disclosure
2023-10-02 17:15:30
Information Disclosure
2023-08-13 09:11:17
amd
amd
Speculative Leaks Security Notice
2023-08-08 00:00:00
Return Address Security Bulletin
2023-08-08 00:00:00
redhat
redhat
(RHSA-2024:0371) Important: kpatch-patch security update
2024-01-23 17:03:20
(RHSA-2024:0346) Important: kernel security and bug fix update
2024-01-23 15:58:23
(RHSA-2024:0347) Important: kernel-rt security and bug fix update
2024-01-23 15:58:24
almalinux
almalinux
Important: kernel security update
2024-01-10 00:00:00
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
rocky
rocky
kernel-rt security update
2024-01-12 19:57:11
xen
xen
x86/AMD: Speculative Return Stack Overflow
2023-08-08 15:53:00
x86/AMD: Divide speculative information leak
2023-09-25 16:03:00
amazon
amazon
Medium: kernel
2023-08-30 17:56:00
Medium: kernel
2023-08-31 22:29:00
mscve
mscve
AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
2023-12-12 08:00:00
AMD: CVE-2023-20569 Return Address Predictor
2023-08-08 07:00:00
centos
centos
bpftool, kernel, perf, python security update
2024-01-26 18:06:10
iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, linux security update
2024-01-12 19:14:06
ubuntu
ubuntu
AMD Microcode vulnerability
2023-08-30 00:00:00
Linux kernel (AWS) vulnerabilities
2024-01-10 00:00:00
Linux kernel (OEM) vulnerabilities
2023-09-19 00:00:00
cloudfoundry
cloudfoundry
USN-6319-1: AMD Microcode vulnerability | Cloud Foundry
2023-10-05 00:00:00
hp
hp
AMD Client UEFI Firmware Return Address Security Update
2023-12-07 00:00:00
f5
f5
K000139684: AMD processors vulnerability CVE-2023-20569
2024-05-20 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: kernel-6.4.9-200.fc38
2023-08-10 00:43:18
[SECURITY] Fedora 38 Update: xen-4.17.2-1.fc38
2023-08-16 01:22:32
[SECURITY] Fedora 37 Update: kernel-6.4.9-100.fc37
2023-08-10 00:43:46
debian
debian
[SECURITY] [DSA 5475-1] linux security update
2023-08-11 07:57:37
[SECURITY] [DLA 3525-1] linux-5.10 security update
2023-08-11 17:21:29
JSON
Related for ORACLELINUX_ELSA-2023-12911.NASL
oraclelinux22nessus71prion5redhatcve4cvelist5cve5cbl_mariner3debiancve4ubuntucve5osv12openvas20veracode2amd2redhat15almalinux2rocky1xen2amazon2mscve2centos2ubuntu5cloudfoundry1hp1f51fedora3debian2