OracleVM 3.2 / 3.3 / 3.4 : xen (OVMSA-2017-0162)

high Nessus Plugin ID 104201
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.3


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=41067cbb7a1ecab6aa2ca0d8d40a4c9f36c5e76e

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/cpu: fix IST handling during PCPU bringup (Andrew Cooper) [Orabug: 26901421] (CVE-2017-15594)

- x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests (Andrew Cooper) [Orabug:
26901413] (CVE-2017-15592)

- x86: Disable the use of auto-translated PV guests (Andrew Cooper) [Orabug: 26901413] (CVE-2017-15592)

- x86: don't allow page_unlock to drop the last type reference (Jan Beulich) [Orabug: 26901401] (CVE-2017-15593)

- x86: don't store possibly stale TLB flush time stamp (Jan Beulich) [Orabug: 26901391] (CVE-2017-15588)

- x86/mm: Disable PV linear pagetables by default (George Dunlap) [Orabug: 26901363] (CVE-2017-15595)

- x86: limit linear page table use to a single level (Jan Beulich) [Orabug: 26901363] (CVE-2017-15595)

- x86/HVM: prefill partially used variable on emulation paths (Jan Beulich) [Orabug: 26901338] (CVE-2017-15589)

- x86/FLASK: fix unmap-domain-IRQ XSM hook (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/MSI: disallow redundant enabling (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: enforce proper privilege when (un)mapping pIRQ-s (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: don't allow MSI pIRQ mapping on unowned device (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- gnttab: fix pin count / page reference race (Jan Beulich) [Orabug: 26901277] (CVE-2017-15597)


Update the affected xen / xen-devel / xen-tools packages.

See Also

Plugin Details

Severity: High

ID: 104201

File Name: oraclevm_OVMSA-2017-0162.nasl

Version: 3.9

Type: local

Published: 10/27/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 7.3

CVSS v2.0

Base Score: 9

Temporal Score: 7

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.2, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2017

Vulnerability Publication Date: 10/18/2017

Reference Information

CVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597