OracleVM 3.4 : xen (OVMSA-2018-0028) (Spectre)

medium Nessus Plugin ID 108823
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- hvmloader: Initialize a variable before we use it (Patrick Colp)

- x86/hvm: indicate avaliability of HW support of APIC virtualization to HVM guests (Boris Ostrovsky) [Orabug:
27739755]

- x86/boot: Disable IBRS in intr/nmi exit path at bootup stage (Zhenzhong Duan) [Orabug: 27411047]

- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan) [Orabug: 27738692] (CVE-2017-5715)

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=eb6d0ea26496051c6ab876e4037fca0b9cf079d9

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xenstore: add assertion in database dumping code (Wei Liu) [Orabug: 27608242]

- xenstore: send error earlier in do_mkdir (Wei Liu) [Orabug: 27608242]

- xenstore: add memory allocation debugging capability (Juergen Gross)

- xenstore: use temporary memory context for firing watches (Juergen Gross) [Orabug: 27608242]

- xenstore: add explicit memory context parameter to get_node (Juergen Gross) [Orabug: 27608242]

- xenstore: add explicit memory context parameter to read_node (Juergen Gross) [Orabug: 27608242]

- xenstore: add explicit memory context parameter to get_parent (Juergen Gross) [Orabug: 27608242]

- xenstore: call each xenstored command function with temporary context (Juergen Gross) [Orabug: 27608242]

- cxenstored: document a bunch of short options in help string (Wei Liu) [Orabug: 27608242]

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=18c714d6839a3fd0d42a5400de940c5b5e788a8c

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/spectre: Make retpoline code match upstream version (Patrick Colp)

- xenbaked.c: Avoid divide by zero issue (Joe Jin) [Orabug: 27687906]

- xen/trace: Fix trace metadata page count calculation (revert fbf96e6) (George Dunlap) [Orabug: 27602524]

- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky) [Orabug: 27693394] (CVE-2017-5715)

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=fa171d3584f49dae46fcea63516b25465473a83b

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- xend: use vcpus variable in log.warn (Elena Ufimtseva) - xend: turn off smt if vcpus are not multiple of threads (Elena Ufimtseva) [Orabug: 27648711]

- xend: fix preserving smt across reboot (Elena Ufimtseva) [Orabug: 27648711]

- xend: fix is_vnuma_off function (Elena Ufimtseva)

- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

- BUILDINFO: xen commit=131bef465d7329311ec1d9d8f8011a1ceb8d32fe

- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- mm, sysctl, xend: only create when there's enough scrubbed memory (Joao Martins) [Orabug: 27450131]

Solution

Update the affected xen / xen-tools packages.

See Also

http://www.nessus.org/u?0c2bd755

Plugin Details

Severity: Medium

ID: 108823

File Name: oraclevm_OVMSA-2018-0028.nasl

Version: 1.8

Type: local

Published: 4/4/2018

Updated: 4/15/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.7

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2018

Vulnerability Publication Date: 1/4/2018

Reference Information

CVE: CVE-2017-5715

IAVA: 2018-A-0020