OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)

high Nessus Plugin ID 110526
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] (CVE-2017-16939)

- ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] (CVE-2017-16939)

- net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101]

- net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627]

- net/rds: use one sided reconnection during a race (Wei Lin Guay)

- Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (H&aring kon Bugge) [Orabug:

- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (Joe Jin) [Orabug: 22910685]

- net/rds: Assign the correct service level (Wei Lin Guay) [Orabug: 27607213]

- target: Re-add missing SCF_ACK_KREF assignment in v4.1.y (Nicholas Bellinger) [Orabug: 27781132]

- target: Fix LUN_RESET active I/O handling for ACK_KREF (Nicholas Bellinger) [Orabug: 27781132]

- target: Invoke release_cmd callback without holding a spinlock (Bart Van Assche) [Orabug: 27781132]

- x86/bugs: Remove the Disabling Spectre v2 mitigation retpoline (Konrad Rzeszutek Wilk) [Orabug: 27897282]

- x86/bugs: Report properly retpoline+IBRS (Konrad Rzeszutek Wilk)

- x86/bugs: Don't lie when fallback retpoline is engaged (Konrad Rzeszutek Wilk)

- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (Mauricio Faria de Oliveira) [Orabug:

- qla2xxx: Enable buffer boundary check when DIF bundling is on. (Rajan Shanmugavelu) [Orabug: 28130589]

- kernel: sys.c: missing break for prctl spec ctrl (Mihai Carabas)

- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)

- fs/pstore: update the backend parameter in pstore module (Wang Long)

- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]

- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]

- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] (CVE-2018-3639)

- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] (CVE-2018-3639)

- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug:
28063992] (CVE-2018-3639)

- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs: Unify x86_spec_ctrl_[set_guest,restore_host] (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Rework speculative_store_bypass_update (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639)

- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] (CVE-2018-1000199)

- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]


Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

Plugin Details

Severity: High

ID: 110526

File Name: oraclevm_OVMSA-2018-0228.nasl

Version: 1.3

Type: local

Published: 6/14/2018

Updated: 9/27/2019

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:vm:kernel-uek:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:vm:kernel-uek-firmware:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2018

Vulnerability Publication Date: 11/24/2017

Reference Information

CVE: CVE-2017-16939, CVE-2018-1000199, CVE-2018-3639