Updated kernel-rt packages fix denial of service, memory access flaws, and bugs, add enhancements
Reporter | Title | Published | Views | Family All 163 |
---|---|---|---|---|
![]() | Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update | 13 Sep 202409:20 | – | osv |
![]() | Red Hat Security Advisory: kernel security and bug fix update | 15 Sep 202422:26 | – | osv |
![]() | Red Hat Security Advisory: kernel security, bug fix, and enhancement update | 15 Sep 202422:02 | – | osv |
![]() | (RHSA-2014:1943) Moderate: kernel-rt security, bug fix, and enhancement update | 2 Dec 201400:00 | – | redhat |
![]() | (RHSA-2015:0864) Important: kernel security and bug fix update | 21 Apr 201500:00 | – | redhat |
![]() | (RHSA-2015:0290) Important: kernel security, bug fix, and enhancement update | 5 Mar 201500:00 | – | redhat |
![]() | Ubuntu: Security Advisory (USN-2444-1) | 26 Aug 202200:00 | – | openvas |
![]() | Oracle: Security Advisory (ELSA-2015-3015) | 6 Oct 201500:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-2443-1) | 26 Aug 202200:00 | – | openvas |
![]() | Oracle: Security Advisory (ELSA-2015-3014) | 6 Oct 201500:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1943. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(79684);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id(
"CVE-2014-7283",
"CVE-2014-7825",
"CVE-2014-7826"
);
script_bugtraq_id(
70261,
70971,
70972
);
script_xref(name:"RHSA", value:"2014:1943");
script_name(english:"RHEL 6 : kernel-rt (RHSA-2014:1943)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Updated kernel-rt packages that fix three security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.5.
Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
* A denial of service flaw was found in the way the Linux
kernel's XFS file system implementation ordered
directory hashes under certain conditions. A local
attacker could use this flaw to corrupt the file system
by creating directories with colliding hash values,
potentially resulting in a system crash. (CVE-2014-7283,
Moderate)
* An out-of-bounds memory access flaw was found in the
syscall tracing functionality of the Linux kernel's perf
subsystem. A local, unprivileged user could use this
flaw to crash the system. (CVE-2014-7825, Moderate)
* An out-of-bounds memory access flaw was found in the
syscall tracing functionality of the Linux kernel's
ftrace subsystem. On a system with ftrace syscall
tracing enabled, a local, unprivileged user could use
this flaw to crash the system, or escalate their
privileges. (CVE-2014-7826, Moderate)
The kernel-rt packages have been upgraded to upstream version 3.10.58,
which provides a number of bug fixes and enhancements over the
previous version. (BZ#1158105)
This update also fixes the following bugs :
* Automatic NUMA balancing on a low priority thread could
cause memory contention with a high priority thread
running in the same process. This contention could
trigger poor real time performance on the system. In
order to avoid this potential memory contention, the MRG
Realtime kernel now disables
NUMA_BALANCING_DEFAULT_ENABLED. (BZ#1158940)
* When tracing a bug, WARN*() functions could flood the
ring buffer making the trace useless or even overflowing
the ring buffer. To address this issue, a
traceoff_on_warning option was added to the kernel
command line and as a sysctl option. This option
disables the writing of the warning messages to the ring
buffer, which results in a cleaner trace for debugging.
(BZ#1155200)
In addition, this update adds the following enhancement :
* Support for XHCI (USB 3) is now enabled in the MRG
Realtime kernel. (BZ#1134095)
All kernel-rt users are advised to upgrade to these updated packages,
which contain correct these issues and add these enhancements. The
system must be rebooted for this update to take effect.");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-7283.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-7825.html");
script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-7826.html");
script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-1943.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2014:1943";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-common-x86_64-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-doc-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-firmware-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.58-rt62.58.el6rt")) flag++;
if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.58-rt62.58.el6rt")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
}
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo