OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches that deliver the
following critical security updates :

- Fix bug number for commit 'cciss: Update HPSA_BOUNDARY'
(Joe Jin) [Orabug: 14681166]

- cciss: Update HPSA_BOUNDARY. (Joe Jin) [Orabug:

- KVM: introduce kvm_for_each_memslot macro (Maxim Uvarov)
[Bugdb: 13966]

- dl2k: Clean up rio_ioctl (Jeff Mahoney) [Orabug:
14126896] (CVE-2012-2313)

- NFSv4: include bitmap in nfsv4 get acl data (Andy
Adamson) (CVE-2011-4131)

- KVM: Fix buffer overflow in kvm_set_irq (Avi Kivity)
[Bugdb: 13966] (CVE-2012-2137)

- net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb (Jason Wang) [Bugdb: 13966]

- mm: pmd_read_atomic: fix 32bit PAE pmd walk vs
pmd_populate SMP race condition (Andrea Arcangeli)
[Bugdb: 13966] (CVE-2012-2373)

- KVM: lock slots_lock around device assignment (Alex
Williamson) [Bugdb: 13966] (CVE-2012-2121)

- KVM: unmap pages from the iommu when slots are removed
(Maxim Uvarov) [Bugdb: 13966] (CVE-2012-2121)

- fcaps: clear the same personality flags as suid when
fcaps are used (Eric Paris) [Bugdb: 13966]

- tilegx: enable SYSCALL_WRAPPERS support (Chris Metcalf)

- drm/i915: fix integer overflow in i915_gem_do_execbuffer
(Xi Wang) [Orabug: 14107456] (CVE-2012-2384)

- drm/i915: fix integer overflow in i915_gem_execbuffer2
(Xi Wang) [Orabug: 14107445] (CVE-2012-2383)

- [dm] do not forward ioctls from logical volumes to the
underlying device (Joe Jin) (CVE-2011-4127)

- [block] fail SCSI passthrough ioctls on partition
devices (Joe Jin) (CVE-2011-4127)

- [block] add and use scsi_blk_cmd_ioctl (Joe Jin)
[Orabug: 14056755] (CVE-2011-4127)

- KVM: Ensure all vcpus are consistent with in-kernel
irqchip settings (Avi Kivity) [Bugdb: 13871]

- regset: Return -EFAULT, not -EIO, on host-side memory
fault (H. Peter Anvin) (CVE-2012-1097)

- regset: Prevent null pointer reference on readonly
regsets (H. Peter Anvin) (CVE-2012-1097)

- cifs: fix dentry refcount leak when opening a FIFO on
lookup (Jeff Layton) (CVE-2012-1090)

- mm: thp: fix pmd_bad triggering in code paths holding
mmap_sem read mode (Andrea Arcangeli) (CVE-2012-1179)

- ext4: fix undefined behavior in ext4_fill_flex_info (Xi
Wang) (CVE-2009-4307)

- ocfs2: clear unaligned io flag when dio fails (Junxiao
Bi) [Orabug: 14063941]

- aio: make kiocb->private NUll in init_sync_kiocb
(Junxiao Bi) [Orabug: 14063941]

- igb: Fix for Alt MAC Address feature on 82580 and later
devices (Carolyn Wyborny) [Orabug: 14258706]

- igb: Alternate MAC Address Updates for Func2&3 (Akeem G.
Abodunrin) [Orabug: 14258706]

- igb: Alternate MAC Address EEPROM Updates (Akeem G.
Abodunrin) [Orabug: 14258706]

- cciss: only enable cciss_allow_hpsa when for ol5 (Joe
Jin) [Orabug: 14106006]

- Revert 'cciss: remove controllers supported by hpsa'
(Joe Jin) [Orabug: 14106006]

- [scsi] hpsa: add all support devices for ol5 (Joe Jin)
[Orabug: 14106006]

- Disable VLAN 0 tagging for none VLAN traffic (Adnan
Misherfi) [Orabug: 14406424]

- x86: Add Xen kexec control code size check to linker
script (Daniel Kiper)

- drivers/xen: Export vmcoreinfo through sysfs (Daniel

- x86/xen/enlighten: Add init and crash kexec/kdump hooks
(Maxim Uvarov)

- x86/xen: Add kexec/kdump makefile rules (Daniel Kiper)

- x86/xen: Add x86_64 kexec/kdump implementation (Daniel

- x86/xen: Add placeholder for i386 kexec/kdump
implementation (Daniel Kiper)

- x86/xen: Register resources required by kexec-tools
(Daniel Kiper)

- x86/xen: Introduce architecture dependent data for
kexec/kdump (Daniel Kiper)

- xen: Introduce architecture independent data for
kexec/kdump (Daniel Kiper)

- x86/kexec: Add extra pointers to transition page table
PGD, PUD, PMD and PTE (Daniel Kiper)

- kexec: introduce kexec_ops struct (Daniel Kiper)

- SPEC: replace DEFAULTKERNEL from kernel-ovs to

See also :

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 6.3
Public Exploit Available : true
