Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

high Nessus Plugin ID 126673


The remote Oracle Linux host is missing one or more security updates.


Description of changes:

- Only enable the halt poll control MSR if it is supported by the host (Mark Kanda) [Orabug: 29946722]

- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278]
- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524}
- pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123}
- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155}
- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrang&eacute ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676]
- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676]
- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676]
- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676]
- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676]
- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676]
- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676]
- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]


Update the affected qemu packages.

See Also

Plugin Details

Severity: High

ID: 126673

File Name: oraclelinux_ELSA-2019-4713.nasl

Version: 1.5

Type: local

Agent: unix

Published: 7/15/2019

Updated: 5/10/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 6.5


Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-5931


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:qemu-system-x86, p-cpe:/a:oracle:linux:qemu-system-x86-core, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:qemu, p-cpe:/a:oracle:linux:qemu-block-gluster, p-cpe:/a:oracle:linux:qemu-block-iscsi, p-cpe:/a:oracle:linux:qemu-block-rbd, p-cpe:/a:oracle:linux:qemu-common, p-cpe:/a:oracle:linux:qemu-img, p-cpe:/a:oracle:linux:qemu-kvm, p-cpe:/a:oracle:linux:qemu-kvm-core

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2019

Vulnerability Publication Date: 3/20/2017

Reference Information

CVE: CVE-2017-5931, CVE-2017-6058, CVE-2017-9524, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-20123, CVE-2019-11091, CVE-2019-12155