OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches that provide the
following critical security updates :

- mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds)
[Orabug: 24928646] (CVE-2016-5195)

- HID: hiddev: validate num_values for HIDIOCGUSAGES,
HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694]
(CVE-2016-5829)

- Revert 'rds: skip rx/tx work when destroying connection'
(Brian Maly) [Orabug: 24790158]

- netfilter: x_tables: speed up jump target validation
(Florian Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: enforce nul-terminated table name
from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug:
24690302] (CVE-2016-3134)

- netfilter: remove unused comefrom hookmask argument
(Florian Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: introduce and use
xt_copy_counters_from_user (Florian Westphal) [Orabug:
24690302] (CVE-2016-3134)

- netfilter: x_tables: do compat validation via
translate_table (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: x_tables: xt_compat_match_from_user doesn't
need a retval (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: ip6_tables: simplify translate_compat_table
args (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: ip_tables: simplify translate_compat_table
args (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: arp_tables: simplify translate_compat_table
args (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: x_tables: don't reject valid target size on
some architectures (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: x_tables: validate all offsets and sizes in a
rule (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: x_tables: check for bogus target offset
(Florian Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: check standard target size too
(Florian Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: add compat version of
xt_check_entry_offsets (Florian Westphal) [Orabug:
24690302] (CVE-2016-3134)

- netfilter: x_tables: assert minimum target size (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: kill check_entry helper (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: add and use xt_check_entry_offsets
(Florian Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: validate targets of jumps (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: fix unconditional helper (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: validate targets of jumps (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: don't move to non-existent next
rule (Florian Westphal) [Orabug: 24690302]
(CVE-2016-3134)

- netfilter: x_tables: fix unconditional helper (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- netfilter: x_tables: check for size overflow (Florian
Westphal) [Orabug: 24690302] (CVE-2016-3134)

- ocfs2: Fix double put of recount tree in
ocfs2_lock_refcount_tree (Ashish Samant) [Orabug:
24587406]

- TTY: do not reset master's packet mode (Jiri Slaby)
[Orabug: 24569399]

- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate
(Ashish Samant) [Orabug: 24500401]

- rds: skip rx/tx work when destroying connection (Wengang
Wang)

- Revert 'IPoIB: serialize changing on tx_outstanding'
(Wengang Wang)

- xen/events: document behaviour when scanning the start
word for events (Dongli Zhang) [Orabug: 23083945]

- xen/events: mask events when changing their VCPU binding
(Dongli Zhang) [Orabug: 23083945]

- xen/events: initialize local per-cpu mask for all
possible events (Dongli Zhang) [Orabug: 23083945]

- IB/mlx4: Replace kfree with kvfree in
mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922]

- NFS: Remove BUG_ON calls from the generic writeback code
(Trond Myklebust) [Orabug: 22386565]

- ocfs2: return non-zero st_blocks for inline data (John
Haxby)

- oracleasm: Classify device connectivity issues as global
errors (Martin K. Petersen) [Orabug: 21760143]

- Btrfs: fix truncation of compressed and inlined extents
(Divya Indi) [Orabug: 22307286] (CVE-2015-8374)

- Btrfs: fix file corruption and data loss after cloning
inline extents (Divya Indi) [Orabug: 22307286]
(CVE-2015-8374)

- netfilter: x_tables: make sure e->next_offset covers
remaining blob size (Florian Westphal) [Orabug:
24682073] (CVE-2016-4997) (CVE-2016-4998)

- netfilter: x_tables: validate e->target_offset early
(Florian Westphal) [Orabug: 24682071] (CVE-2016-4997)
(CVE-2016-4998)

- rds: schedule local connection activity in proper
workqueue (Ajaykumar Hotchandani) [Orabug: 22819661]

- ib_core: make wait_event uninterruptible in
ib_flush_fmr_pool (Avinash Repaka) [Orabug: 24525022]

- net/mlx4: Support shutdown interface (Ajaykumar
Hotchandani)

- KEYS: potential uninitialized variable (Dan Carpenter)
[Orabug: 24393863] (CVE-2016-4470)

- atl2: Disable unimplemented scatter/gather feature (Ben
Hutchings) [Orabug: 23703990] (CVE-2016-2117)

- mlx4_core: add module parameter to disable background
init (Mukesh Kacker) [Orabug: 23292107]

- NFSv4: Don't decode fs_locations if we didn't ask for
them... (Trond Myklebust) [Orabug: 23633714]

- mm/slab: Improve performance of slabinfo stats gathering
(Aruna Ramakrishna) [Orabug: 23050884]

- offload ib subnet manager port and node get info query
handling. (Rama Nichanamatlu) [Orabug: 22521735]

- fix typo/thinko in get_random_bytes (Tony Luck) [Orabug:
23726807]

See also :

http://www.nessus.org/u?77f7352c

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 94929

Bugtraq ID:

CVE ID: CVE-2015-8374
CVE-2016-2117
CVE-2016-3134
CVE-2016-4470
CVE-2016-4997
CVE-2016-4998
CVE-2016-5195
CVE-2016-5829
