OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)

high Nessus Plugin ID 107130

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- gnttab: don't blindly free status pages upon version change (Andrew Cooper) [Orabug: 27571750] (CVE-2018-7541)

- memory: don't implicitly unpin for decrease-reservation (Andrew Cooper) [Orabug: 27571737] (CVE-2018-7540)

- BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva) [Orabug: 27533309]

- BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Optimize the context switch code a bit (Zhenzhong Duan) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Update init_speculation_mitigations to upstream's (Zhenzhong Duan) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Update RSB related implementation to upstream ones (Zhenzhong Duan) [Orabug: 27553376] (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk) [Orabug: 27445678]

- BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky) [Orabug: 27375688]

- BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky) [Orabug: 27409718]

Solution

Update the affected xen / xen-tools packages.

See Also

http://www.nessus.org/u?de7c508d

Plugin Details

Severity: High

ID: 107130

File Name: oraclevm_OVMSA-2018-0021.nasl

Version: 3.9

Type: local

Published: 3/5/2018

Updated: 9/27/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/2/2018

Vulnerability Publication Date: 1/4/2018

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-7540, CVE-2018-7541

IAVA: 2018-A-0019, 2018-A-0020