OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0167)

high Nessus Plugin ID 104453
New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 8.9


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug:

- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241]

- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] (CVE-2017-14489)

- nvme: honor RTD3 Entry Latency for shutdowns (Martin K.

- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] (CVE-2017-7542)

- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] (CVE-2017-1000112)

- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]

- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675]

- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] (CVE-2017-10661)

- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) (CVE-2017-12154) (CVE-2017-12154)

- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx (Tim Tianyang Chen) [Orabug:
26880590] (CVE-2017-7541)

- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] (CVE-2017-7618)

- ovl: use O_LARGEFILE in ovl_copy_up (David Howells) [Orabug: 25953280]

- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug:
26880508] (CVE-2017-7482) (CVE-2017-7482)

- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] (CVE-2017-14106)


Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

Plugin Details

Severity: High

ID: 104453

File Name: oraclevm_OVMSA-2017-0167.nasl

Version: 3.7

Type: local

Published: 11/8/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 8.9

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.4

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/7/2017

Vulnerability Publication Date: 4/10/2017

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000112, CVE-2017-10661, CVE-2017-12154, CVE-2017-14106, CVE-2017-14489, CVE-2017-7482, CVE-2017-7541, CVE-2017-7542, CVE-2017-7618