OracleVM 3.4 : xen (OVMSA-2018-0233) (Spectre)

Medium Nessus Plugin ID 110792

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address
critical security updates:

- BUILDINFO: xen
commit=67e64eec4bfe342ca6c2ff0858ae7f5c39041013

- BUILDINFO: QEMU upstream
commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE
commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS
commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/HVM: Restart ioreq processing state machine (Boris
Ostrovsky)

- BUILDINFO: xen
commit=7e4f43226d60a48df300b32ce60ecff75ce2612d

- BUILDINFO: QEMU upstream
commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE
commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS
commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug:
28189188]

- BUILDINFO: xen
commit=ba8e4ae04e3594470f9ce1663135fbe8c25106af

- BUILDINFO: QEMU upstream
commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE
commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS
commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- x86/spec-ctrl: Mitigations for LazyFPU (Ross Philipson)
[Orabug: 28135217] (CVE-2018-3665)

- x86: Support fully eager FPU context switching (Andrew
Cooper) [Orabug: 28135217] (CVE-2018-3665)

- BUILDINFO: xen
commit=312880584fe084de632a6667254a5cc1c846179e

- BUILDINFO: QEMU upstream
commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE
commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS
commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- [xenmicrocode] Fix error reporting on successful return
from tool (Ross Philipson) [Orabug: 28128506]

- x86: correct default_xen_spec_ctrl calculation (Jan
Beulich) [Orabug: 28034172]

- x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use
(Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639)

- x86/Intel: Mitigations for GPZ SP4 - Speculative Store
Bypass (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/AMD: Mitigations for GPZ SP4 - Speculative Store
Bypass (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Introduce a new `spec-ctrl=` command line
argument to replace `bti=` (Andrew Cooper) [Orabug:
28034172] (CVE-2018-3639)

- x86/cpuid: Improvements to guest policies for
speculative sidechannel features (Andrew Cooper)
[Orabug: 28034172] (CVE-2018-3639)

- x86/spec_ctrl: Explicitly set Xen's default
MSR_SPEC_CTRL value (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM
variants (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle
context when possible (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Rename bits of infrastructure to avoid
NATIVE and VMEXIT (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Fold the XEN_IBRS_[SET,CLEAR]
ALTERNATIVES together (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Merge bti_ist_info and
use_shadow_spec_ctrl into spec_ctrl_flags (Andrew
Cooper) [Orabug: 28034172] (CVE-2018-3639)

- x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL
value as a variable (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once
(Andrew Cooper) [Orabug: 28034172] (CVE-2018-3639)

- x86/spec_ctrl: Assume that STIBP feature is always
available (Boris Ostrovsky) [Orabug: 28034172]
(CVE-2018-3639)

- x86/spec_ctrl: Updates to retpoline-safety decision
making (Andrew Cooper) [Orabug: 28034172]
(CVE-2018-3639)

- BUILDINFO: xen
commit=dc770041d983843c860c06d405054c0e01a4fd98

- BUILDINFO: QEMU upstream
commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff

- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba

- BUILDINFO: IPXE
commit=9a93db3f0947484e30e753bbd61a10b17336e20e

- BUILDINFO: SeaBIOS
commit=7d9cbe613694924921ed1a6f8947d711c5832eee

- one-off build

Solution

Update the affected xen / xen-tools packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2018-June/000869.html

Plugin Details

Severity: Medium

ID: 110792

File Name: oraclevm_OVMSA-2018-0233.nasl

Version: 1.4

Type: local

Published: 2018/06/29

Modified: 2018/11/19

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

CVSS v3.0

Base Score: 5.6

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Patch Publication Date: 2018/06/28

Reference Information

CVE: CVE-2018-3639, CVE-2018-3665