OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0104)

critical Nessus Plugin ID 100236

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- ipv6: catch a null skb before using it in a DTRACE (Shannon Nelson)

- sparc64: Do not retain old VM_SPARC_ADI flag when protection changes on page (Khalid Aziz) [Orabug: 26038830]

- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986971] (CVE-2017-7895)

- sparc64: Detect DAX ra+pgsz when hvapi minor doesn't indicate it (Rob Gardner) [Orabug: 25997533]

- sparc64: DAX memory will use RA+PGSZ feature in HV (Rob Gardner)

- sparc64: Disable DAX flow control (Rob Gardner) [Orabug: 25997226]

- sparc64: DAX memory needs persistent mappings (Rob Gardner) [Orabug: 25997137]

- sparc64: Fix incorrect error print in DAX driver when validating ccb (Sanath Kumar) [Orabug: 25996975]

- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]

- sparc64: DAX request to mmap non 4MB memory should fail with a debug print (Sanath Kumar) [Orabug: 25996823]

- sparc64: DAX request for non 4MB memory should return with unique errno (Sanath Kumar) [Orabug: 25996823]

- sparc64: Incorrect print by DAX driver when old driver API is used (Sanath Kumar) [Orabug: 25996790]

- sparc64: DAX request to dequeue half of a long CCB should not succeed (Sanath Kumar) [Orabug: 25996747]

- sparc64: dax_overflow_check reports incorrect data (Sanath Kumar)

- sparc64: Ignored DAX ref count causes lockup (Rob Gardner) [Orabug: 25996628]

- sparc64: disable dax page range checking on RA (Rob Gardner) [Orabug: 25996546]

- sparc64: Oracle Data Analytics Accelerator (DAX) driver (Sanath Kumar) [Orabug: 25996522]

- sparc64: Add DAX hypervisor services (Allen Pais) [Orabug: 25996475]

- sparc64: create/destroy cpu sysfs dynamically (Atish Patra) [Orabug: 21775890] [Orabug: 25216469]

- megaraid: Fix unaligned warning (Allen Pais) [Orabug: 24817799]

- Re-enable SDP for uek-nano kernel (Ashok Vairavan) [Orabug: 25968572]

- xsigo: Compute node crash on FC failover (Pradeep Gopanapalli)

- NVMe: Set affinity after allocating request queues (Keith Busch)

- nvme: use an integer value to Linux errno values (Christoph Hellwig)

- blk-mq: fix racy updates of rq->errors (Christoph Hellwig) [Orabug: 25945973]

- x86/apic: Handle zero vector gracefully in clear_vector_irq (Keith Busch) [Orabug: 24515998]

- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug: 24819170]

- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug: 24819170]

- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25525433]

- Btrfs: don't BUG_ON in btrfs_orphan_add (Josef Bacik) [Orabug: 25534945]

- Btrfs: clarify do_chunk_alloc's return value (Liu Bo) [Orabug: 25534945]

- btrfs: flush_space: treat return value of do_chunk_alloc properly (Alex Lyakas) [Orabug: 25534945]

- Revert '[SCSI] libiscsi: Reduce locking contention in fast path' (Ashish Samant) [Orabug: 25721518]

- qla2xxx: Allow vref count to timeout on vport delete. (Joe Carnuccio) [Orabug: 25862953]

- Drivers: hv: kvp: fix IP Failover (Vitaly Kuznetsov) [Orabug: 25866691]

- Drivers: hv: util: Pass the channel information during the init call (K. Y. Srinivasan) [Orabug: 25866691]

- Drivers: hv: utils: run polling callback always in interrupt context (Olaf Hering) [Orabug: 25866691]

- Drivers: hv: util: Increase the timeout for util services (K. Y. Srinivasan) [Orabug: 25866691]

- Drivers: hv: kvp: check kzalloc return value (Vitaly Kuznetsov)

- Drivers: hv: fcopy: dynamically allocate smsg_out in fcopy_send_data (Vitaly Kuznetsov)

- Drivers: hv: vss: full handshake support (Vitaly Kuznetsov) [Orabug: 25866691]

- xen: Make VPMU init message look less scary (Juergen Gross) [Orabug: 25873416]

- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876652] (CVE-2016-10229)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2017-May/000726.html

Plugin Details

Severity: Critical

ID: 100236

File Name: oraclevm_OVMSA-2017-0104.nasl

Version: 3.6

Type: local

Published: 5/17/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2017

Vulnerability Publication Date: 4/4/2017

Reference Information

CVE: CVE-2016-10229, CVE-2017-7895