OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0023) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL)

medium Nessus Plugin ID 125664

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug: 29797118]

- vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug: 29710939]

- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive (Eric Dumazet) [Orabug: 29710939]

- nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607]

- rds: Introduce a pool of worker threads for connection management (Håkon Bugge) [Orabug: 29391909]

- rds: Use rds_conn_path cp_wq when applicable (Håkon Bugge) [Orabug: 29391909]

- rds: ib: Implement proper cm_id compare (Håkon Bugge) [Orabug: 29391909]

- Revert 'net/rds: prevent RDS connections using stale ARP entries' (Håkon Bugge) [Orabug: 29391909]

- rds: ib: Flush ARP cache when needed (Håkon Bugge) [Orabug: 29391909]

- rds: Add simple heuristics to determine connect delay (Håkon Bugge) [Orabug: 29391909]

- rds: Fix one-sided connect (Håkon Bugge) [Orabug: 29391909]

- rds: Consolidate and align ftrace related to connection management (Håkon Bugge) [Orabug: 29391909]

- rds: ib: Fix gratuitous ARP storm (Håkon Bugge) [Orabug: 29391909]

- IB/mlx4: Increase the timeout for CM cache (Håkon Bugge) [Orabug: 29391909]

- kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804]

- x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804]

- x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804]

- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356]

- bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238]

- x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291]

- x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] (CVE-2018-12127) (CVE-2018-12130)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000942.html

Plugin Details

Severity: Medium

ID: 125664

File Name: oraclevm_OVMSA-2019-0023.nasl

Version: 1.3

Type: local

Published: 6/3/2019

Updated: 1/13/2020

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2018-12130

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2019

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2018-12127, CVE-2018-12130