Rapid7 Vulnerability & Exploit Database

Oracle Linux: ELSA-2018-4011: Unbreakable Enterprise kernel security update

Back to Search

Oracle Linux: ELSA-2018-4011: Unbreakable Enterprise kernel security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
01/12/2018
Created
03/05/2020
Added
03/02/2020
Modified
03/02/2020

Description

[4.1.12-112.14.11] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}

Solution(s)

  • oracle-linux-upgrade-kernel-uek
  • oracle-linux-upgrade-kernel-uek-debug
  • oracle-linux-upgrade-kernel-uek-debug-devel
  • oracle-linux-upgrade-kernel-uek-devel
  • oracle-linux-upgrade-kernel-uek-doc
  • oracle-linux-upgrade-kernel-uek-firmware

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;