OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0253)

high Nessus Plugin ID 112282
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- rebuild bumping release

- Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] (CVE-2018-10938)

- Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo)

- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] (CVE-2018-15594)

- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir in sym_hipd.c (George Kennedy) [Orabug:
28481893]

- md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228]

- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug:
28540376]

- ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971]

- ext4: properly align shifted xattrs when expanding inodes (Jan Kara)

- ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara)

- ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971]

- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171]

- nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821]

- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821]

- uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886]

- ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg (Junichi Nomura)

- x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303]

- Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] (CVE-2018-13405)

- scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] (CVE-2018-10021)

- PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?c8217169

Plugin Details

Severity: High

ID: 112282

File Name: oraclevm_OVMSA-2018-0253.nasl

Version: 1.4

Type: local

Published: 9/5/2018

Updated: 9/27/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:vm:kernel-uek:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:vm:kernel-uek-firmware:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/4/2018

Vulnerability Publication Date: 4/11/2018

Reference Information

CVE: CVE-2018-13405, CVE-2018-10938, CVE-2018-15594, CVE-2018-10021