OracleVM 3.4 : xen (OVMSA-2017-0116)

High Nessus Plugin ID 101195

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.5

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- BUILDINFO: xen commit=74b662e79bc874fe8ad8a93d2891e6569c380004

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- gnttab: __gnttab_unmap_common_complete is all-or-nothing (Jan Beulich) [Orabug: 26288614]

- gnttab: correct logic to get page references during map requests (George Dunlap) [Orabug: 26288614]

- gnttab: never create host mapping unless asked to (Jan Beulich)

- gnttab: Fix handling of dev_bus_addr during unmap (George Dunlap)

- x86/shadow: Hold references for the duration of emulated writes (Andrew Cooper) [Orabug: 26288568]

- x86/mm: disallow page stealing from HVM domains (Jan Beulich)

- guest_physmap_remove_page needs its return value checked (Jan Beulich) [Orabug: 26288602]

- xen/memory: Fix return value handing of guest_remove_page (Andrew Cooper) [Orabug: 26288602]

- evtchn: avoid NULL derefs (Jan Beulich) [Orabug:
26288583]

- gnttab: correct maptrack table accesses (Jan Beulich) [Orabug: 26288557]

- gnttab: Avoid potential double-put of maptrack entry (George Dunlap)

- gnttab: fix unmap pin accounting race (Jan Beulich) [Orabug: 26288557]

- IOMMU: handle IOMMU mapping and unmapping failures (Quan Xu) [Orabug: 26288557]

- xen/disk: don't leak stack data via response ring (Jan Beulich)

- BUILDINFO: xen commit=7b45c3eb48a884f56f072a97a9a8da4d0b1077ed

- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- livepatch: Wrong usage of spinlock on debug console.
(Konrad Rzeszutek Wilk) [Orabug: 26248311]

- BUILDINFO: xen commit=40e21e7aea2b8bbc991346c3f516dfac4f94affe

- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/do_invalid_op should use is_active_kernel_text rather than having its (Konrad Rzeszutek Wilk) [Orabug:
26129273]

- BUILDINFO: xen commit=0eadc919cf32139e5565e0d869ed09f35c0a3212

- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- kexec: Add spinlock for the whole hypercall. (Konrad Rzeszutek Wilk)

- kexec: clear kexec_image slot when unloading kexec image (Bhavesh Davda) [Orabug: 25861742]

- BUILDINFO: xen commit=8b90d66cd941599d50ee80e14fd144e337814bf6

- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86: correct create_bounce_frame (tagged with CVE number) (Boris Ostrovsky) [Orabug: 25927739] (CVE-2017-8905)

- x86: discard type information when stealing pages (tagged with CVE number) (Boris Ostrovsky) [Orabug:
25927669] (CVE-2017-8904)

- multicall: deal with early exit conditions (tagged with CVE number) (Boris Ostrovsky) [Orabug: 25927592] (CVE-2017-8903)

- BUILDINFO: xen commit=583dedab5ceddbae4d0384de0ade8feeee75f78c

- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- tools/libxc: Set max_elem to zero in xc_lockprof_query_number (Boris Ostrovsky) [Orabug:
26020611]

Solution

Update the affected xen / xen-tools packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2017-June/000744.html

Plugin Details

Severity: High

ID: 101195

File Name: oraclevm_OVMSA-2017-0116.nasl

Version: 3.6

Type: local

Published: 2017/07/03

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.5

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/06/30

Vulnerability Publication Date: 2017/05/11

Reference Information

CVE: CVE-2017-8903, CVE-2017-8904, CVE-2017-8905