OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0172) (Dirty COW)

High Nessus Plugin ID 105146

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd (Kirill A. Shutemov) [Orabug: 27200879] (CVE-2017-1000405)

- NFS: Add static NFS I/O tracepoints (Chuck Lever)

- storvsc: don't assume SG list is contiguous (Aruna Ramakrishna)

- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] (CVE-2017-12190)

- more bio_map_user_iov leak fixes (Al Viro) [Orabug: 27069038] (CVE-2017-12190)

- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] (CVE-2017-15649)

- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] (CVE-2017-15649)

- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] (CVE-2017-15649)

- packet: fix races in fanout_add (Eric Dumazet) [Orabug: 27069065] (CVE-2017-15649)

- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] (CVE-2017-15649)

- locking/atomics: Add _[acquire|release|relaxed] variants of some atomic operations (Will Deacon) [Orabug: 27069065] (CVE-2017-15649)

- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjørn Mork) [Orabug: 27215225] (CVE-2017-16650)

- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] (CVE-2017-16527)

- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217]

- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129]

- scsi: Don't abort scsi_scan due to unexpected response (John Sobecki)

- ocfs2: code clean up for direct io (Ryan Ding)

- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919]

- KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li) [Orabug: 27062498]

- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498]

- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498]

- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498]

- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard)

- thp: run vma_adjust_trans_huge outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180]

- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] (CVE-2017-2618)

- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] (CVE-2016-9191)

- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] (CVE-2017-12192)

- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718]

- IB/ipoib: increase the max mcast backlog queue (Doug Ledford)

- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718]

- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter)

- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718]

- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718]

- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944]

- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944]

- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)

- netns: notify new nsid outside __peernet2id (Nicolas Dichtel)

- netns: rename peernet2id to peernet2id_alloc (Nicolas Dichtel)

- netns: always provide the id to rtnl_net_fill (Nicolas Dichtel)

- netns: returns always an id in __peernet2id (Nicolas Dichtel)

- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro)

- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?9044d20e

Plugin Details

Severity: High

ID: 105146

File Name: oraclevm_OVMSA-2017-0172.nasl

Version: $Revision: 3.2 $

Type: local

Published: 2017/12/11

Modified: 2018/01/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/12/08

Reference Information

CVE: CVE-2016-9191, CVE-2017-1000405, CVE-2017-12190, CVE-2017-12192, CVE-2017-15649, CVE-2017-16527, CVE-2017-16650, CVE-2017-2618