OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)

high Nessus Plugin ID 104453
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug:

- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241]

- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] (CVE-2017-14489)

- nvme: honor RTD3 Entry Latency for shutdowns (Martin K.

- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] (CVE-2017-7542)

- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] (CVE-2017-1000112)

- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]

- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675]

- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] (CVE-2017-10661)

- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) (CVE-2017-12154) (CVE-2017-12154)

- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx (Tim Tianyang Chen) [Orabug:
26880590] (CVE-2017-7541)

- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] (CVE-2017-7618)

- ovl: use O_LARGEFILE in ovl_copy_up (David Howells) [Orabug: 25953280]

- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug:
26880508] (CVE-2017-7482) (CVE-2017-7482)

- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] (CVE-2017-14106)


Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

Plugin Details

Severity: High

ID: 104453

File Name: oraclevm_OVMSA-2017-0167.nasl

Version: 3.7

Type: local

Published: 11/8/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Critical

Score: 9.6


Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:F/RL:OF/RC:C


Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/7/2017

Vulnerability Publication Date: 4/10/2017

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000112, CVE-2017-10661, CVE-2017-12154, CVE-2017-14106, CVE-2017-14489, CVE-2017-7482, CVE-2017-7541, CVE-2017-7542, CVE-2017-7618