OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0228) (Spectre)

high Nessus Plugin ID 110526

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] (CVE-2017-16939)

- ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] (CVE-2017-16939)

- net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101]

- net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627]

- net/rds: use one sided reconnection during a race (Wei Lin Guay)

- Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (H&aring kon Bugge) [Orabug:
28068627]

- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (Joe Jin) [Orabug: 22910685]

- net/rds: Assign the correct service level (Wei Lin Guay) [Orabug: 27607213]

- target: Re-add missing SCF_ACK_KREF assignment in v4.1.y (Nicholas Bellinger) [Orabug: 27781132]

- target: Fix LUN_RESET active I/O handling for ACK_KREF (Nicholas Bellinger) [Orabug: 27781132]

- target: Invoke release_cmd callback without holding a spinlock (Bart Van Assche) [Orabug: 27781132]

- x86/bugs: Remove the Disabling Spectre v2 mitigation retpoline (Konrad Rzeszutek Wilk) [Orabug: 27897282]

- x86/bugs: Report properly retpoline+IBRS (Konrad Rzeszutek Wilk)

- x86/bugs: Don't lie when fallback retpoline is engaged (Konrad Rzeszutek Wilk)

- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (Mauricio Faria de Oliveira) [Orabug:
28079082]

- qla2xxx: Enable buffer boundary check when DIF bundling is on. (Rajan Shanmugavelu) [Orabug: 28130589]

- kernel: sys.c: missing break for prctl spec ctrl (Mihai Carabas)

- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)

- fs/pstore: update the backend parameter in pstore module (Wang Long)

- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]

- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]

- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] (CVE-2018-3639)

- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] (CVE-2018-3639)

- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug:
28063992] (CVE-2018-3639)

- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs: Unify x86_spec_ctrl_[set_guest,restore_host] (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Rework speculative_store_bypass_update (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] (CVE-2018-3639)

- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] (CVE-2018-3639)

- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] (CVE-2018-3639)

- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] (CVE-2018-1000199)

- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000863.html

Plugin Details

Severity: High

ID: 110526

File Name: oraclevm_OVMSA-2018-0228.nasl

Version: 1.3

Type: local

Published: 6/14/2018

Updated: 9/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/13/2018

Vulnerability Publication Date: 11/24/2017

Reference Information

CVE: CVE-2017-16939, CVE-2018-1000199, CVE-2018-3639