OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0273)

Medium Nessus Plugin ID 119010

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz)

- scsi: libsas: fix memory leak in sas_smp_get_phy_events (Jason Yan) [Orabug: 27927687] (CVE-2018-7757)

- KVM: vmx: shadow more fields that are read/written on every vmexits (Paolo Bonzini) [Orabug: 28581045]

- vhost/scsi: Use common handling code in request queue handler (Bijan Mottahedeh) [Orabug: 28775573]

- vhost/scsi: Extract common handling code from control queue handler (Bijan Mottahedeh) [Orabug: 28775573]

- vhost/scsi: Respond to control queue operations (Bijan Mottahedeh)

- scsi: lpfc: devloss timeout race condition caused null pointer reference (James Smart) [Orabug: 27994179]

- scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (Ben Hutchings) [Orabug: 28013813]

- i40e: Add programming descriptors to cleaned_count (Alexander Duyck)

- i40e: Fix memory leak related filter programming status (Alexander Duyck) [Orabug: 28228724]

- xen-swiotlb: use actually allocated size on check physical continuous (Joe Jin) [Orabug: 28258102]

- Revert 'Revert 'xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent'' (Dongli Zhang) [Orabug:
28258102]

- net/mlx4_en: fix potential use-after-free with dma_unmap_page (Sarah Newman) [Orabug: 28376051]

- ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug:
28580543]

- block: fix bdi vs gendisk lifetime mismatch (Dan Williams) [Orabug: 28645416]

- e1000e: Fix link check race condition (Benjamin Poirier) [Orabug: 28716958]

- Revert 'e1000e: Separate signaling for link check/link up' (Benjamin Poirier) [Orabug: 28716958]

- e1000e: Avoid missed interrupts following ICR read (Benjamin Poirier)

- e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin Poirier) [Orabug: 28716958]

- Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (Benjamin Poirier) [Orabug: 28716958]

- e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28716958]

- Fix error code in nfs_lookup_verify_inode (Lance Shelton) [Orabug: 28789030]

- workqueue: Allow modifying low level unbound workqueue cpumask (Lai Jiangshan) [Orabug: 28813166]

- workqueue: Create low-level unbound workqueues cpumask (Frederic Weisbecker) [Orabug: 28813166]

- scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug:
28824718] (CVE-2017-13168)

- Revert 'rds: RDS (tcp) hangs on sendto to unresponding address' (Brian Maly) [Orabug: 28837953]

- x86/speculation: Retpoline should always be available on Skylake (Alexandre Chartre) [Orabug: 28801831]

- x86/speculation: Add sysfs entry to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548]

- x86/speculation: Switch to IBRS when loading a non-retpoline module (Alexandre Chartre) [Orabug:
28607548]

- x86/speculation: Remove unnecessary retpoline alternatives (Alexandre Chartre) [Orabug: 28607548]

- x86/speculation: Use static key to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548]

- locking/static_keys: Provide DECLARE and well as DEFINE macros (Tony Luck) [Orabug: 28607548]

- jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (Jason Baron) [Orabug: 28607548]

- locking/static_key: Fix concurrent static_key_slow_inc (Paolo Bonzini) [Orabug: 28607548]

- jump_label: make static_key_enabled work on static_key_true/false types too (Tejun Heo) [Orabug:
28607548]

- locking/static_keys: Fix up the static keys documentation (Jonathan Corbet) [Orabug: 28607548]

- locking/static_keys: Fix a silly typo (Jonathan Corbet) [Orabug: 28607548]

- jump label, locking/static_keys: Update docs (Jason Baron) [Orabug: 28607548]

- x86/asm: Add asm macros for static keys/jump labels (Andy Lutomirski)

- x86/asm: Error out if asm/jump_label.h is included inappropriately (Andy Lutomirski) [Orabug: 28607548]

- jump_label/x86: Work around asm build bug on older/backported GCCs (Peter Zijlstra) [Orabug:
28607548]

- locking/static_keys: Add a new static_key interface (Peter Zijlstra)

- locking/static_keys: Rework update logic (Peter Zijlstra) [Orabug: 28607548]

- jump_label: Add jump_entry_key helper (Peter Zijlstra) [Orabug: 28607548]

- jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related helpers to the static_key* pattern (Peter Zijlstra) [Orabug: 28607548]

- jump_label: Rename JUMP_LABEL_[EN,DIS]ABLE to JUMP_LABEL_[JMP,NOP] (Peter Zijlstra) [Orabug: 28607548]

- module, jump_label: Fix module locking (Peter Zijlstra) [Orabug: 28607548]

- x86/speculation: Protect against userspace-userspace spectreRSB (Jiri Kosina) [Orabug: 28631590] (CVE-2018-15572)

- x86/spectre_v2: Remove remaining references to lfence mitigation (Alejandro Jimenez) [Orabug: 28631590] (CVE-2018-15572)

- Revert 'md: allow a partially recovered device to be hot-added to an array.' (NeilBrown) [Orabug: 28702623]

- x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan)

- net/mlx4_core: print firmware version during driver loading (Qing Huang) [Orabug: 28809377]

- mm: numa: Do not trap faults on shared data section pages. (Henry Willard) [Orabug: 28814880]

- hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz)

- rds: RDS (tcp) hangs on sendto to unresponding address (Ka-Cheong Poon) [Orabug: 28762608]

- nfs: fix a deadlock in nfs client initialization (Scott Mayhew)

- infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug: 28774517] (CVE-2018-14734)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?b815d8a5

Plugin Details

Severity: Medium

ID: 119010

File Name: oraclevm_OVMSA-2018-0273.nasl

Version: 1.2

Type: local

Published: 2018/11/16

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 2018/11/15

Vulnerability Publication Date: 2017/12/06

Reference Information

CVE: CVE-2017-13168, CVE-2018-14734, CVE-2018-15572, CVE-2018-7757