OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)

critical Nessus Plugin ID 121605


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 28425811]

- net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug:

- net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004503]

- xhci: fix usb2 resume timing and races. (Mathias Nyman) [Orabug: 29028940]

- xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman) [Orabug: 29028940]

- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug:
29163750] (CVE-2018-18397)

- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750] (CVE-2018-18397)

- x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29196396]

- xen/blkback: rework validate_io_op (Dongli Zhang) [Orabug: 29199843]

- xen/blkback: optimize validate_io_op to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug:

- xen/blkback: do not BUG for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29199843]

- net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29201779]

- xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29217927]

- Revert 'xfs: remove nonblocking mode from xfs_vm_writepage' (Wengang Wang) [Orabug: 29279692]

- Revert 'xfs: remove xfs_cancel_ioend' (Wengang Wang) [Orabug: 29279692]

- Revert 'xfs: Introduce writeback context for writepages' (Wengang Wang) [Orabug: 29279692]

- Revert 'xfs: xfs_cluster_write is redundant' (Wengang Wang) [Orabug: 29279692]

- Revert 'xfs: factor mapping out of xfs_do_writepage' (Wengang Wang) [Orabug: 29279692]

- Revert 'xfs: don't chain ioends during writepage submission' (Wengang Wang) [Orabug: 29279692]

- mstflint: Fix coding style issues - left with LINUX_VERSION_CODE (Idan Mehalel) [Orabug: 28878697]

- mstflint: Fix coding-style issues (Idan Mehalel) [Orabug: 28878697]

- mstflint: Fix errors found with checkpatch script (Idan Mehalel) [Orabug: 28878697]

- Added support for 5th Gen devices in Secure Boot module and mtcr (Adham Masarwah) [Orabug: 28878697]

- Fix typos in mst_kernel (Adham Masarwah) [Orabug:

- bnxt_en: Report PCIe link properties with pcie_print_link_status (Brian Maly) [Orabug: 28942099]

- selinux: Perform both commoncap and selinux xattr checks (Eric W. Biederman) [Orabug: 28951521]

- Introduce v3 namespaced file capabilities (Serge E.
Hallyn) [Orabug: 28951521]

- rds: ib: Use a delay when reconnecting to the very same IP address (H&aring kon Bugge) [Orabug: 29138813]

- Change mincore to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187415] (CVE-2019-5489)

- NFSD: Set the attributes used to store the verifier for EXCLUSIVE4_1 (Kinglong Mee) [Orabug: 29204157]

- ext4: update i_disksize when new eof exceeds it (Shan Hai) [Orabug: 28940828]

- ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28940828]

- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28940828]

- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng) [Orabug: 29042981] (CVE-2018-19824)

- ALSA: usb-audio: Replace probing flag with active refcount (Takashi Iwai) [Orabug: 29042981] (CVE-2018-19824)

- ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai) [Orabug: 29042981] (CVE-2018-19824)

- ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 29114440] (CVE-2018-1094)

- ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) (John Donnelly) [Orabug: 29114440] (CVE-2018-1094)

- ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 29114440] (CVE-2018-1094) (CVE-2018-1094)

- Revert 'bnxt_en: Reduce default rings on multi-port cards.' (Brian Maly) [Orabug: 28687746]

- mlx4_core: Disable P_Key Violation Traps (H&aring kon Bugge) [Orabug: 27693633]

- rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 28733324]

- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 28069548]

- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded (Mihai Carabas) [Orabug: 28069548]

- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28069548]

- KVM: x86: pass host_initiated to functions that read MSRs (Paolo Bonzini) [Orabug: 28069548]

- KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini) [Orabug: 28069548]

- KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini) [Orabug: 28069548]

- KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug:

- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim Kr&#x10D m&aacute &#x159 ) [Orabug:

- ocfs2: don't clear bh uptodate for block read (Junxiao Bi) [Orabug: 28762940]

- ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 28924775]

- ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 28924775]

- net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) [Orabug: 28947481]

- x86/speculation: Always disable IBRS in disable_ibrs_and_friends (Alejandro Jimenez) [Orabug:

- pinctrl: amd: Use devm_pinctrl_register for pinctrl registration (Laxman Dewangan) [Orabug: 27539246] (CVE-2017-18174)

- mlock: fix mlock count can not decrease in race condition (Yisheng Xie) [Orabug: 27677611] (CVE-2017-18221)

- perf/core: Fix the perf_cpu_time_max_percent check (Tan Xiaojun) [Orabug: 27823815] (CVE-2017-18255)

- x86/microcode/intel: Fix a wrong assignment of revision in _save_mc (Zhenzhong Duan) [Orabug: 28190263]

- mm: cma: fix incorrect type conversion for size during dma allocation (Rohit Vaswani) [Orabug: 28407826] (CVE-2017-9725)

- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474851]

- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474851]

- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474851]

- xen/blkback: fix disconnect while I/Os in flight (Juergen Gross) [Orabug: 28744234]

- mlx4_vnic: use the mlid while calling ib_detach_mcast (aru kolappan) [Orabug: 29029705]

- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 29048557] (CVE-2018-1092) (CVE-2018-1092)

- Bluetooth: hidp: buffer overflow in hidp_process_report (Mark Salyzyn) [Orabug: 29121215] (CVE-2018-9363) (CVE-2018-9363)

- HID: debug: check length before copy_to_user (Daniel Rosenberg) [Orabug: 29128165] (CVE-2018-9516)

- x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug:
29149888] (CVE-2018-7995)

- Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152328] (CVE-2017-18079)

- base/memory, hotplug: fix a kernel oops in show_valid_zones (Toshi Kani) [Orabug: 29050538]

- mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone (Toshi Kani) [Orabug: 29050538]

- drivers/base/memory.c: prohibit offlining of memory blocks with missing sections (Seth Jennings) [Orabug:

- mm: Check if section present during memory block (un)registering (Yinghai Lu) [Orabug: 29050538]

- hugetlb: take PMD sharing into account when flushing tlb/caches (Mike Kravetz) [Orabug: 28951854]

- mm: migration: fix migration of huge PMD shared pages (Mike Kravetz) [Orabug: 28951854]

- hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896255]

- rds: ib: Improve tracing during failover/back (H&aring kon Bugge) [Orabug: 28860366]

- rds: ib: Remove superfluous add of address on fail-back device (H&aring kon Bugge) [Orabug: 28860366]

- libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946207]

- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951265] (CVE-2018-5848)

- netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037831] (CVE-2017-17450)

- x86/speculation: Fix bad argument to rdmsrl in cpu_set_bug_bits (Alejandro Jimenez) [Orabug: 29044805]


Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

Plugin Details

Severity: Critical

ID: 121605

File Name: oraclevm_OVMSA-2019-0002.nasl

Version: 1.5

Type: local

Published: 2/6/2019

Updated: 5/25/2022

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2017-9725


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/5/2019

Vulnerability Publication Date: 9/21/2017

Reference Information

CVE: CVE-2017-17450, CVE-2017-18079, CVE-2017-18174, CVE-2017-18221, CVE-2017-18255, CVE-2017-9725, CVE-2018-1092, CVE-2018-1094, CVE-2018-18397, CVE-2018-19824, CVE-2018-5848, CVE-2018-7995, CVE-2018-9363, CVE-2018-9516, CVE-2019-5489