OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0023) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL)

Medium Nessus Plugin ID 125664

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.7

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug:
 29797118]

 - vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug:
 29710939]

 - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive (Eric Dumazet) [Orabug: 29710939]

 - nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607]

 - rds: Introduce a pool of worker threads for connection management (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Use rds_conn_path cp_wq when applicable (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Implement proper cm_id compare (H&aring kon Bugge) [Orabug: 29391909]

 - Revert 'net/rds: prevent RDS connections using stale ARP entries' (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Flush ARP cache when needed (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Add simple heuristics to determine connect delay (H&aring kon Bugge) [Orabug: 29391909]

 - rds: Fix one-sided connect (H&aring kon Bugge) [Orabug:
 29391909]

 - rds: Consolidate and align ftrace related to connection management (H&aring kon Bugge) [Orabug: 29391909]

 - rds: ib: Fix gratuitous ARP storm (H&aring kon Bugge) [Orabug: 29391909]

 - IB/mlx4: Increase the timeout for CM cache (H&aring kon Bugge) [Orabug: 29391909]

 - kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804]

 - x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804]

 - x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804]

 - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356]

 - bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238]

 - x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291]

 - x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] (CVE-2018-12127) (CVE-2018-12130)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000942.html

Plugin Details

Severity: Medium

ID: 125664

File Name: oraclevm_OVMSA-2019-0023.nasl

Version: 1.3

Type: local

Published: 2019/06/03

Updated: 2020/01/13

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 7.7

CVSS Score Source: CVE-2018-12130

CVSS v2.0

Base Score: 4.7

Temporal Score: 3.5

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/06/02

Vulnerability Publication Date: 2019/05/30

Reference Information

CVE: CVE-2018-12127, CVE-2018-12130