OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0017) (Meltdown)

This script is Copyright (C) 2018 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- drivers/char/mem.c: deny access in open operation when
securelevel is set (Ethan Zhao) [Orabug: 27234850]
[Orabug: 27234850]

- hugetlb: fix nr_pmds accounting with shared page tables
(Kirill A. Shutemov) [Orabug: 26988581]

- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky)
[Orabug: 27416198]

- x86/IBRS: Don't try to change IBRS mode if IBRS is not
available (Boris Ostrovsky) [Orabug: 27416198]

- x86/IBRS: Remove support for IBRS_ENABLED_USER mode
(Boris Ostrovsky)

- x86: Include linux/device.h in bugs_64.c (Boris
Ostrovsky) [Orabug: 27418896]

- x86/spectre: Drop the warning about ibrs being obsolete.
(Konrad Rzeszutek Wilk)

- x86/spec: Don't print the Missing arguments for option
spectre_v2. (Konrad Rzeszutek Wilk)

- x86/spec: Also print IBRS if IBPB is disabled. (Konrad
Rzeszutek Wilk)

- x86/IBPB: Provide debugfs interface for changing IBPB
mode (Boris Ostrovsky) [Orabug: 27449065]

- xen: Make PV Dom0 Linux kernel NUMA aware (Elena
Ufimtseva)

- net/rds: Fix incorrect error handling (H&aring kon
Bugge) [Orabug: 26848729]

- net/rds: use multiple sge than buddy allocation in
congestion code (Wei Lin Guay) [Orabug: 26848729]

- Revert 'RDS: fix the sg allocation based on actual
message size' (Wei Lin Guay) [Orabug: 26848729]

- Revert 'RDS: avoid large pages for sg allocation for TCP
transport' (Wei Lin Guay) [Orabug: 26848729]

- Revert 'net/rds: Reduce memory footprint in rds_sendmsg'
(Wei Lin Guay) [Orabug: 26848729]

- net/rds: reduce memory footprint during ib_post_recv in
IB transport (Wei Lin Guay) [Orabug: 26848729]

- net/rds: reduce memory footprint during rds_sendmsg with
IB transport (Wei Lin Guay) [Orabug: 26848729]

- net/rds: set the rds_ib_init_frag based on supported sge
(Wei Lin Guay) [Orabug: 26848729]

- bnxt_en: Fix possible corrupted NVRAM parameters from
firmware response. (Michael Chan) [Orabug: 27199588]

- x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y
kernels (Andrey Ryabinin) [Orabug: 27255122]

- x86, efi, kasan: Fix build failure on !KASAN &&
KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122]

- x86, efi, kasan: #undef memset/memcpy/memmove per arch
(Andrey Ryabinin) [Orabug: 27255122]

- Revert 'Makefile: Build with -Werror=date-time if the
compiler supports it' (Gayatri Vasudevan) [Orabug:
27255122]

- dccp: CVE-2017-8824: use-after-free in DCCP code
(Mohamed Ghannam) [Orabug: 27290300] (CVE-2017-8824)

- x86/efi: Initialize and display UEFI secure boot state a
bit later during init (Daniel Kiper) [Orabug: 27309477]

- x86/espfix: Init espfix on the boot CPU side (Zhu
Guihua) [Orabug: 27344552]

- x86/espfix: Add 'cpu' parameter to init_espfix_ap (Zhu
Guihua)

- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser)
[Orabug: 27344841] (CVE-2017-0861) (CVE-2017-0861)

- fs/ocfs2: remove page cache for converted direct write
(Wengang Wang)

- Revert 'ocfs2: code clean up for direct io' (Wengang
Wang)

- assoc_array: Fix a buggy node-splitting case (David
Howells) [Orabug: 27364592] (CVE-2017-12193)
(CVE-2017-12193)

- Sanitize 'move_pages' permission checks (Linus Torvalds)
[Orabug: 27364690] (CVE-2017-14140)

- pti: compile fix for when PTI is disabled (Pavel
Tatashin) [Orabug: 27383147] (CVE-2017-5754)

- sctp: do not peel off an assoc from one netns to another
one (Xin Long) [Orabug: 27386999] (CVE-2017-15115)

- net: ipv4: fix for a race condition in raw_sendmsg
(Mohamed Ghannam) [Orabug: 27390682] (CVE-2017-17712)

- mlx4: add mstflint secure boot access kernel support
(Qing Huang)

- x86: Move STUFF_RSB in to the idt macro (Konrad
Rzeszutek Wilk)

- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad
Rzeszutek Wilk)

- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad
Rzeszutek Wilk)

See also :

http://www.nessus.org/u?f9702f90

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 106706 ()

Bugtraq ID:

CVE ID: CVE-2017-0861
CVE-2017-12193
CVE-2017-14140
CVE-2017-15115
CVE-2017-17712
CVE-2017-5754
CVE-2017-8824

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now