OracleVM 3.2 / 3.3 / 3.4 : xen (OVMSA-2017-0162)

critical Nessus Plugin ID 104201

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=41067cbb7a1ecab6aa2ca0d8d40a4c9f36c5e76e

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/cpu: fix IST handling during PCPU bringup (Andrew Cooper) [Orabug: 26901421] (CVE-2017-15594)

- x86/shadow: Don't create self-linear shadow mappings for 4-level translated guests (Andrew Cooper) [Orabug: 26901413] (CVE-2017-15592)

- x86: Disable the use of auto-translated PV guests (Andrew Cooper) [Orabug: 26901413] (CVE-2017-15592)

- x86: don't allow page_unlock to drop the last type reference (Jan Beulich) [Orabug: 26901401] (CVE-2017-15593)

- x86: don't store possibly stale TLB flush time stamp (Jan Beulich) [Orabug: 26901391] (CVE-2017-15588)

- x86/mm: Disable PV linear pagetables by default (George Dunlap) [Orabug: 26901363] (CVE-2017-15595)

- x86: limit linear page table use to a single level (Jan Beulich) [Orabug: 26901363] (CVE-2017-15595)

- x86/HVM: prefill partially used variable on emulation paths (Jan Beulich) [Orabug: 26901338] (CVE-2017-15589)

- x86/FLASK: fix unmap-domain-IRQ XSM hook (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error paths (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86/MSI: disallow redundant enabling (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: enforce proper privilege when (un)mapping pIRQ-s (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- x86: don't allow MSI pIRQ mapping on unowned device (Jan Beulich) [Orabug: 26901311] (CVE-2017-15590)

- gnttab: fix pin count / page reference race (Jan Beulich) [Orabug: 26901277] (CVE-2017-15597)

Solution

Update the affected xen / xen-devel / xen-tools packages.

See Also

http://www.nessus.org/u?148c4cad

http://www.nessus.org/u?5c58c23c

http://www.nessus.org/u?47e18437

Plugin Details

Severity: Critical

ID: 104201

File Name: oraclevm_OVMSA-2017-0162.nasl

Version: 3.9

Type: local

Published: 10/27/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.2, cpe:/o:oracle:vm_server:3.3, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2017

Vulnerability Publication Date: 10/18/2017

Reference Information

CVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597