OracleVM 3.0 : xen (OVMSA-2012-0035)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Xen Security Advisory CVE-2012-3433 / XSA-11: HVM guest
destroy p2m teardown host DoS vulnerability.
An HVM guest is able to manipulate its physical address
space such that tearing down the guest takes an extended
amount of time searching for shared pages. This causes
the domain 0 VCPU which tears down the domain to be
blocked in the destroy hypercall. This causes that
domain 0 VCPU to become unavailable and may cause the
domain 0 kernel to panic. There is no requirement for
memory sharing to be in use.
From the patch description:
xen: only check for shared pages while any exist on
teardown
Avoids worst case behaviour when guest has a large p2m.
This is XSA-11 / CVE-2012-nnn

- Xen Security Advisory XSA-10: HVM guest user mode MMIO
emulation DoS vulnerability.
Internal data of the emulator for MMIO operations may,
under certain rare conditions, at the end of one
emulation cycle be left in a state affecting a
subsequent emulation such that this second emulation
would fail, causing an exception to be reported to the
guest kernel where none is expected.
NOTE: No CVE number!
The patch description is as follows:
x86/hvm: don't leave emulator in inconsistent state
The fact that handle_mmio, and thus the instruction
emulator, is being run through twice for emulations that
require involvement of the device model, allows for the
second run to see a different guest state than the first
one. Since only the MMIO-specific emulation routines
update the vCPU's io_state, if they get invoked on the
second pass, internal state (and particularly this
variable) can be left in a state making successful
emulation of a subsequent MMIO operation impossible.
Consequently, whenever the emulator invocation returns
without requesting a retry of the guest instruction,
reset io_state.

See also :

http://www.nessus.org/u?5ef1f869

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79480

Bugtraq ID: 54942

CVE ID: CVE-2012-3433
