OracleVM 3.4 : xen (OVMSA-2018-0021) (Meltdown) (Spectre)

Medium Nessus Plugin ID 107130

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- gnttab: don't blindly free status pages upon version change (Andrew Cooper)&nbsp [Orabug: 27571750]&nbsp (CVE-2018-7541)

- memory: don't implicitly unpin for decrease-reservation (Andrew Cooper)&nbsp [Orabug: 27571737]&nbsp (CVE-2018-7540)

- BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xend: if secure boot is enabled don't write pci config space (Elena Ufimtseva)&nbsp [Orabug: 27533309]

- BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- xen/cmdline: Fix parse_boolean for unadorned values (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Optimize the context switch code a bit (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Update init_speculation_mitigations to upstream's (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- Update RSB related implementation to upstream ones (Zhenzhong Duan)&nbsp [Orabug: 27553376]&nbsp (CVE-2017-5753) (CVE-2017-5715) (CVE-2017-5754)

- BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) (Konrad Rzeszutek Wilk)&nbsp [Orabug:
27445678]

- BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/Spectre: Set thunk to THUNK_NONE if compiler support is not available (Boris Ostrovsky)&nbsp [Orabug:
27375688]

- BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xen: No dependencies on dracut and microcode_ctl RPMs (Boris Ostrovsky)&nbsp [Orabug: 27409718]

Solution

Update the affected xen / xen-tools packages.

See Also

http://www.nessus.org/u?de7c508d

Plugin Details

Severity: Medium

ID: 107130

File Name: oraclevm_OVMSA-2018-0021.nasl

Version: 3.7

Type: local

Published: 2018/03/05

Modified: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/03/02

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-7540, CVE-2018-7541

IAVA: 2018-A-0019, 2018-A-0020