OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0023) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL)

medium Nessus Plugin ID 125664

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug:
 29797118]

 - vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug:
 29710939]

 - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive (Eric Dumazet) [Orabug: 29710939]

 - nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607]

 - rds: Introduce a pool of worker threads for connection management (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Use rds_conn_path cp_wq when applicable (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Implement proper cm_id compare (H&aring kon Bugge) [Orabug: 29391909]

 - Revert 'net/rds: prevent RDS connections using stale ARP entries' (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Flush ARP cache when needed (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Add simple heuristics to determine connect delay (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Fix one-sided connect (H&aring kon Bugge) [Orabug:
 29391909]

 - rds: Consolidate and align ftrace related to connection management (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Fix gratuitous ARP storm (H&aring kon Bugge) [Orabug: 29391909]

 - IB/mlx4: Increase the timeout for CM cache (H&aring kon Bugge) [Orabug: 29391909]

 - kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804]

 - x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804]

 - x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804]

 - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356]

 - bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238]

 - x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291]

 - x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] (CVE-2018-12127) (CVE-2018-12130)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000942.html

Plugin Details

Severity: Medium

ID: 125664

File Name: oraclevm_OVMSA-2019-0023.nasl

Version: 1.3

Type: local

Published: 6/3/2019

Updated: 1/13/2020

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2018-12130

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2019

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2018-12127, CVE-2018-12130