Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20180313_KERNEL_ON_SL6_X.NASL
HistoryMar 15, 2018 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180313) (Meltdown) (Spectre)

2018-03-1500:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

Security Fix(es) :

  • hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)

  • hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)

  • hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)

Bug Fixes :

  • If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device’s request queue.
    Consequently, the FC port login failed, leaving the port state as ‘Bypassed’ instead of ‘Online’, and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue.
    As a result, SCSI device now continues working as expected after power cycling the FC switch.

  • Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior.

  • Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance.

  • Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior.

  • If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation.

The system must be rebooted for this update to take effect.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(108364);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754");
  script_xref(name:"IAVA", value:"2018-A-0019");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180313) (Meltdown) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - hw: cpu: speculative execution branch target injection
    (s390-only) (CVE-2017-5715, Important)

  - hw: cpu: speculative execution bounds-check bypass (s390
    and powerpc) (CVE-2017-5753, Important)

  - hw: cpu: speculative execution permission faults
    handling (powerpc-only) (CVE-2017-5754)

Bug Fixes :

  - If a fibre channel (FC) switch was powered down and then
    powered on again, the SCSI device driver stopped
    permanently the SCSI device's request queue.
    Consequently, the FC port login failed, leaving the port
    state as 'Bypassed' instead of 'Online', and users had
    to reboot the operating system. This update fixes the
    driver to avoid the permanent stop of the request queue.
    As a result, SCSI device now continues working as
    expected after power cycling the FC switch.

  - Previously, on final close or unlink of a file, the
    find_get_pages() function in the memory management
    sometimes found no pages even if there were some pages
    left to save. Consequently, a kernel crash occurred when
    attempting to enter the unlink() function. This update
    fixes the find_get_pages() function in the memory
    management code to not return 0 too early. As a result,
    the kernel no longer crashes due to this behavior.

  - Using IPsec connections under a heavy load could
    previously lead to a network performance degradation,
    especially when using the aesni-intel module. This
    update fixes the issue by making the cryptd queue length
    configurable so that it can be increased to prevent an
    overflow and packet drop. As a result, using IPsec under
    a heavy load no longer reduces network performance.

  - Previously, a deadlock in the bnx2fc driver caused all
    adapters to block and the SCSI error handler to become
    unresponsive. As a result, data transferring through the
    adapter was sometimes blocked. This update fixes bnx2fc,
    and data transferring through the adapter is no longer
    blocked due to this behavior.

  - If an NFSv3 client mounted a subdirectory of an exported
    file system, a directory entry to the mount hosting the
    export was incorrectly held even after clearing the
    cache. Consequently, attempts to unmount the
    subdirectory with the umount command failed with the
    EBUSY error. With this update, the underlying source
    code has been fixed, and the unmount operation now
    succeeds as expected in the described situation.

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=8507
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?45c4ed6f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-696.23.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-696.23.1.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernel-firmwarep-cpe:/a:fermilab:scientific_linux:kernel-firmware
fermilabscientific_linuxkernel-headersp-cpe:/a:fermilab:scientific_linux:kernel-headers
fermilabscientific_linuxperfp-cpe:/a:fermilab:scientific_linux:perf
fermilabscientific_linuxperf-debuginfop-cpe:/a:fermilab:scientific_linux:perf-debuginfo
fermilabscientific_linuxpython-perfp-cpe:/a:fermilab:scientific_linux:python-perf
fermilabscientific_linuxpython-perf-debuginfop-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
Rows per page:
1-10 of 171

Related

nessus 62
qualysblog 6
suse 5
ibm 27
paloalto 1
malwarebytes 2
nvidia 7
kitploit 1
cloudfoundry 1
redhat 23
cisco 1
openvas 24
centos 2
huawei 2
redhatcve 1
seebug 1
mageia 1
lenovo 2
threatpost 3
symantec 3
f5 1
vmware 2
virtuozzo 4
arista 1
ubuntu 6
securelist 1
thn 2
citrix 1
talosblog 1
oraclelinux 2
veeam 1
xen 1
cert 1
nessus
nessus
Virtuozzo 7 : crit / criu / criu-devel / ksm-vz / libcompel / etc (VZA-2018-003)
2018-01-09 00:00:00
RHEL 6 : kernel (RHSA-2018:0496) (Meltdown) (Spectre)
2018-03-14 00:00:00
AIX 7.2 TL 0 : spectre_meltdown (IJ03034) (Meltdown) (Spectre)
2018-01-25 00:00:00
qualysblog
qualysblog
Meltdown and Spectre Aren’t Business as Usual
2018-01-18 22:22:16
Apple in the InfoSec Spotlight, as GitHub Falls Prey to Amplified DDoS Attack
2018-03-02 14:48:53
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
suse
suse
Security update for the Linux Kernel (important)
2018-01-22 15:08:49
Security update for the Linux Kernel (important)
2018-01-16 21:08:59
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
ibm
ibm
Security Bulletin: IBM StoredIQ has released Interim Fix 7.6.0.14-IBMStoredIQ_IF001 in response to the vulnerabilities known as Spectre and Meltdown.
2018-06-17 12:19:15
Security Bulletin: IBM Security Identity Governance and Intelligence has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown
2018-07-27 12:21:10
Security Bulletin: IBM QRadar Network Packet Capture has released 7.3.1 Patch 1, and 7.2.8 Patch 1 in response to the vulnerabilities known as Spectre and Meltdown.
2022-12-12 20:14:44
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
Meltdown and Spectre: what you need to know
2018-01-04 15:53:24
nvidia
nvidia
Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-09 00:00:00
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-04 00:00:00
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
2018-01-05 00:00:00
kitploit
kitploit
Spectre-Meltdown-Checker - Spectre & Meltdown Vulnerability/Mitigation Checker For Linux
2018-01-08 12:43:00
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
redhat
redhat
(RHSA-2018:0011) Important: kernel security update
2018-01-03 22:35:00
(RHSA-2018:0017) Important: kernel security update
2018-01-04 05:10:29
(RHSA-2018:0044) Important: redhat-virtualization-host security update
2018-01-05 15:35:38
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
openvas
openvas
Ubuntu: Security Advisory (USN-3597-1)
2018-03-15 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1002)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1638)
2020-01-23 00:00:00
centos
centos
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-01-04 19:46:26
huawei
huawei
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
redhatcve
redhatcve
CVE-2017-5715
2021-07-20 18:54:09
seebug
seebug
Reading privileged memory with a side-channel (Meltdown & Spectre)
2018-01-04 00:00:00
mageia
mageia
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
lenovo
lenovo
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
threatpost
threatpost
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
Vendors Share Patch Updates on Spectre and Meltdown Mitigation Efforts
2018-01-04 13:01:52
Google Releases Spectre PoC Exploit For Chrome
2021-03-16 14:01:06
symantec
symantec
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability
2018-01-03 00:00:00
f5
f5
Side-channel processor vulnerabilities CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754
2018-01-04 04:46:00
vmware
vmware
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
2018-02-08 00:00:00
virtuozzo
virtuozzo
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 3.10.0-693.11.6.vz7.40.4, Virtuozzo 7.0 Update 6 Hotfix 3 (7.0.6-710)
2018-01-08 00:00:00
Important kernel security update: Fixes for Meltdown and Spectre exploits; new kernel 2.6.32-042stab127.2, Virtuozzo 6.0 Update 12 Hotfix 20 (6.0.12-3690)
2018-01-06 00:00:00
Important product update: Fixes for Meltdown and Spectre exploits in virtual machines; Virtuozzo 6.0 Update 12 Hotfix 21 (6.0.12-3698)
2018-02-01 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2018-03-15 00:00:00
Linux kernel vulnerabilities
2018-01-23 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-01-23 00:00:00
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08
thn
thn
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks
2018-01-04 21:18:00
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
2018-01-03 19:34:00
citrix
citrix
Citrix Security Updates for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
2018-01-03 04:00:00
talosblog
talosblog
Meltdown and Spectre
2018-01-08 09:16:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-01-19 00:00:00
kernel security update
2018-01-04 00:00:00
veeam
veeam
Meltdown and Spectre vulnerabilities
2018-01-09 00:00:00
xen
xen
Information leak via side effects of speculative execution
2018-01-03 22:29:00
cert
cert
CPU hardware vulnerable to side-channel attacks
2018-01-04 00:00:00
JSON
Related for SL_20180313_KERNEL_ON_SL6_X.NASL
nessus62qualysblog6suse5ibm27paloalto1malwarebytes2nvidia7kitploit1cloudfoundry1redhat23cisco1openvas24centos2huawei2redhatcve1seebug1mageia1lenovo2threatpost3symantec3f51vmware2virtuozzo4arista1ubuntu6securelist1thn2citrix1talosblog1oraclelinux2veeam1xen1cert1