Multiple vulnerabilities have been found in the Oracle Linux kernel and patched in the updated version.
PUBLISH DATE: 12-10-2018
Oracle Linux has issued an update for the kernel. This update patches multiple vulnerabilities that can be exploited by people with malicious intent, or by local users, to disclose sensitive information, cause a DoS (Denial of Service), and gain elevated privileges.
The following vulnerabilities have been detected in Oracle Linux 7 and are patched in the updated version.
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S fails to maintain RBX properly, which allows a local user to cause a Denial of Service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or attain escalated privileges.
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump. This enables local users to obtain sensitive information from kernel memory as well as bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
An issue was discovered in the Linux kernel through 4.17.3. The overrun accounting in the POSIX timer code in kernel/time/posix-timers.c can cause an Integer Overflow. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. Similarly, using crafted mmap, futex, timer_create, and timer_settime system calls, a local user can cause a Denial of Service (signed integer overflow).
An issue was discovered in the Linux kernel before 4.18.6. The cdrom_ioctl_drive_status function in drivers/cdrom/cdrom.c has an information leak that local attackers could use to read kernel memory. It happens because a cast from unsigned long to int interferes with bounds checking.
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7. Exploiting this, local attackers can cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
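The cast problem described above for cdrom_ioctl_drive_status can be seen in a simplified user-space model. This is an added example, not kernel code and not from the vendor's advisory; check_narrowed, check_full_width, slot_lookup and the slot table are hypothetical names and constructed data, and the narrowing result assumes GCC/Clang conversion behaviour.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for a changer's slot table; not kernel data. */
#define CAPACITY 4
static const int slot_status[CAPACITY] = { 1, 0, 1, 1 };

/* Flawed pattern: the caller-supplied unsigned long is narrowed to int
 * before the comparison, so values that turn negative after the cast
 * compare as "below capacity" and pass the check. */
static int check_narrowed(unsigned long arg, int capacity)
{
    if ((int)arg >= capacity)
        return -EINVAL;
    return 0;
}

/* Hardened pattern: compare in the argument's own unsigned type, so no
 * bits are discarded and nothing can wrap negative. */
static int check_full_width(unsigned long arg, int capacity)
{
    if (capacity <= 0 || arg >= (unsigned long)capacity)
        return -EINVAL;
    return 0;
}

/* Lookup guarded by the hardened check: slot status or -EINVAL. */
static int slot_lookup(unsigned long arg)
{
    if (check_full_width(arg, CAPACITY) != 0)
        return -EINVAL;
    return slot_status[arg];
}

int main(void)
{
    unsigned long samples[] = { 0, 3, 4, (unsigned long)INT_MAX + 1, ULONG_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("arg=%lu narrowed=%d full=%d lookup=%d\n", samples[i],
               check_narrowed(samples[i], CAPACITY),
               check_full_width(samples[i], CAPACITY),
               slot_lookup(samples[i]));
    return 0;
}
```

When auditing similar code, look for integer arguments that are cast to a narrower or signed type inside the same expression that validates them.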
Oracle Linux 7
Apply updated packages concerning UEK Release 5 (x86-64, mainline Linux Kernel version 4.14.35) or UEK Release 5 (aarch64, mainline Linux Kernel version 4.14.35) via the yum or rpm utility (please see the vendor’s advisory for the packages).