This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote OracleVM host is missing one or more security updates.
The remote OracleVM system is missing necessary patches to address
critical security updates :
- x86: rate-limit logging in do_xen[oprof,pmu]_op
Some of the sub-ops are accessible to all guests, and hence
should be rate-limited. In the xenoprof case, just like
for XSA-146, include them only in debug builds. Since
the vPMU code is rather new, allow them to be always
present, but downgrade them to (rate limited) guest
messages. This is XSA-152. (CVE-2015-7971)
- xenoprof: free domain's vcpu array
This was overlooked in fb442e2171 ('x86_64: allow more
vCPU-s per guest'). This is XSA-151. (CVE-2015-7969)
- x86: guard against undue super page PTE creation
When optional super page support got added (commit
bd1cd81d64 'x86: PV support for hugepages'), two
adjustments were missed: mod_l2_entry needs to consider
the PSE and RW bits when deciding whether to use the fast
path, and the PSE bit must not be removed from
L2_DISALLOW_MASK unconditionally. This is XSA-148.
[backport to Xen 4.1] (CVE-2015-7835)
See also :
Update the affected xen / xen-devel / xen-tools packages.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false