Detections
Analytics

OracleVM 3.4 : xen (OVMSA-2018-0028) (Spectre)

medium Nessus Plugin ID 108823

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - hvmloader: Initialize a variable before we use it (Patrick Colp)

- x86/hvm: indicate avaliability of HW support of APIC virtualization to HVM guests (Boris Ostrovsky) [Orabug:
 27739755]

 - x86/boot: Disable IBRS in intr/nmi exit path at bootup stage (Zhenzhong Duan) [Orabug: 27411047]

 - Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan) [Orabug: 27738692] (CVE-2017-5715)

 - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO: xen commit=eb6d0ea26496051c6ab876e4037fca0b9cf079d9

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - xenstore: add assertion in database dumping code (Wei Liu) [Orabug: 27608242]

 - xenstore: send error earlier in do_mkdir (Wei Liu) [Orabug: 27608242]

 - xenstore: add memory allocation debugging capability (Juergen Gross)

- xenstore: use temporary memory context for firing watches (Juergen Gross) [Orabug: 27608242]

 - xenstore: add explicit memory context parameter to get_node (Juergen Gross) [Orabug: 27608242]

 - xenstore: add explicit memory context parameter to read_node (Juergen Gross) [Orabug: 27608242]

 - xenstore: add explicit memory context parameter to get_parent (Juergen Gross) [Orabug: 27608242]

 - xenstore: call each xenstored command function with temporary context (Juergen Gross) [Orabug: 27608242]

 - cxenstored: document a bunch of short options in help string (Wei Liu) [Orabug: 27608242]

 - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO: xen commit=18c714d6839a3fd0d42a5400de940c5b5e788a8c

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - x86/spectre: Make retpoline code match upstream version (Patrick Colp)

- xenbaked.c: Avoid divide by zero issue (Joe Jin) [Orabug: 27687906]

 - xen/trace: Fix trace metadata page count calculation (revert fbf96e6) (George Dunlap) [Orabug: 27602524]

 - x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky) [Orabug: 27693394] (CVE-2017-5715)

 - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO: xen commit=fa171d3584f49dae46fcea63516b25465473a83b

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - xend: use vcpus variable in log.warn (Elena Ufimtseva) - xend: turn off smt if vcpus are not multiple of threads (Elena Ufimtseva) [Orabug: 27648711]

 - xend: fix preserving smt across reboot (Elena Ufimtseva) [Orabug: 27648711]

 - xend: fix is_vnuma_off function (Elena Ufimtseva)

 - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8

 - BUILDINFO: xen commit=131bef465d7329311ec1d9d8f8011a1ceb8d32fe

 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

 - BUILDINFO: QEMU traditional commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

 - BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e

 - BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee

 - mm, sysctl, xend: only create when there's enough scrubbed memory (Joao Martins) [Orabug: 27450131]

Solution

Update the affected xen / xen-tools packages.

See Also

http://www.nessus.org/u?0c2bd755

Plugin Details

Severity: Medium

ID: 108823

File Name: oraclevm_OVMSA-2018-0028.nasl

Version: 1.8

Type: local

Published: 4/4/2018

Updated: 4/15/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2018

Vulnerability Publication Date: 1/4/2018

Reference Information

CVE: CVE-2017-5715

IAVA: 2018-A-0020