OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)

High Nessus Plugin ID 125754

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267]

- x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924]

- x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924]

- x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug:
29660924]

- x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924]

- int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924]

- repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100]

- ext4: fix false negatives*and* false positives in ext4_check_descriptors (Shuning Zhang) [Orabug:
29797007]

- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739]

- Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)

- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)

- HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] (CVE-2019-3819) (CVE-2019-3819)

- scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] (CVE-2018-14633) (CVE-2018-14633)

- scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] (CVE-2018-20836)

- scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] (CVE-2019-11810)

- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] (CVE-2011-1079) (CVE-2019-11884)

- x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046]

- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock. (Mao Wenan) [Orabug: 29802785] (CVE-2019-11815)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000943.html

Plugin Details

Severity: High

ID: 125754

File Name: oraclevm_OVMSA-2019-0024.nasl

Version: 1.2

Type: local

Published: 2019/06/07

Updated: 2019/09/27

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/06/05

Vulnerability Publication Date: 2012/06/21

Reference Information

CVE: CVE-2011-1079, CVE-2018-14633, CVE-2018-20836, CVE-2019-11810, CVE-2019-11815, CVE-2019-11884, CVE-2019-3459, CVE-2019-3819

BID: 46616