OracleVM 3.2 / 3.3 / 3.4 : xen (OVMSA-2017-0162)

High Nessus Plugin ID 104201

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=41067cbb7a1ecab6aa2ca0d8d40a4c9f36c5e76e

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/cpu: fix IST handling during PCPU bringup (Andrew Cooper) [Orabug: 26901421] (CVE-2017-15594)

- x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests (Andrew Cooper) [Orabug:
26901413] (CVE-2017-15592)

- x86: Disable the use of auto-translated PV guests (Andrew Cooper) [Orabug: 26901413] (CVE-2017-15592)

- x86: don't allow page_unlock to drop the last type reference (Jan Beulich) [Orabug: 26901401] (CVE-2017-15593)

- x86: don't store possibly stale TLB flush time stamp (Jan Beulich) [Orabug: 26901391] (CVE-2017-15588)

- x86/mm: Disable PV linear pagetables by default (George Dunlap) [Orabug: 26901363] (CVE-2017-15595)

- x86: limit linear page table use to a single level (Jan Beulich) [Orabug: 26901363] (CVE-2017-15595)

- x86/HVM: prefill partially used variable on emulation paths (Jan Beulich) [Orabug: 26901338] (CVE-2017-15589)

- x86/FLASK: fix unmap-domain-IRQ XSM hook (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/MSI: disallow redundant enabling (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: enforce proper privilege when (un)mapping pIRQ-s (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: don't allow MSI pIRQ mapping on unowned device (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- gnttab: fix pin count / page reference race (Jan Beulich) [Orabug: 26901277] (CVE-2017-15597)

Solution

Update the affected xen / xen-devel / xen-tools packages.

See Also

http://www.nessus.org/u?148c4cad

http://www.nessus.org/u?5c58c23c

http://www.nessus.org/u?47e18437

Plugin Details

Severity: High

ID: 104201

File Name: oraclevm_OVMSA-2017-0162.nasl

Version: $Revision: 3.5 $

Type: local

Published: 2017/10/27

Modified: 2018/01/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.2, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/10/26

Reference Information

CVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597