OracleVM 3.2 : xen (OVMSA-2017-0009)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- From: Jan Beulich Subject: x86: force EFLAGS.IF on when
exiting to PV guests Guest kernels modifying
instructions in the process of being emulated for
another of their vCPU-s may effect EFLAGS.IF to be
cleared upon next exiting to guest context, by
converting the being emulated instruction to CLI (at the
right point in time). Prevent any such bad effects by
always forcing EFLAGS.IF on. And to cover hypothetical
other similar issues, also force EFLAGS.[IOPL,NT,VM] to
zero. This is XSA-202.

Conflict: xen/arch/x86/x86_64/compat/entry.S
(CVE-2016-10024)

- From 4d246723a85a03406e4969a260291e11b8e05960 Mon Sep 17
00:00:00 2001 x86: use MOV instead of PUSH/POP when
saving/restoring register state (CVE-2016-10024)

- From: Andrew Cooper Date: Sun, 18 Dec 2016 15:42:59
+0000 Subject: [PATCH] x86/emul: Correct the handling of
eflags with SYSCALL A singlestep #DB is determined by
the resulting eflags value from the execution of
SYSCALL, not the original eflags value. By using the
original eflags value, we negate the guest kernels
attempt to protect itself from a privilege escalation by
masking TF. Introduce a tf boolean and have the SYSCALL
emulation recalculate it after the instruction is
complete. This is XSA-204

Conflict: xen/arch/x86/x86_emulate/x86_emulate.c
(CVE-2016-10013)

See also :

http://www.nessus.org/u?ddde1577

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 96522 ()

Bugtraq ID:

CVE ID: CVE-2016-10013
CVE-2016-10024

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now