Detections
Analytics

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0052)

medium Nessus Plugin ID 130923

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419233] (CVE-2019-11135)

 - x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30419233] (CVE-2019-11135)

 - x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - x86/cpu: Add a helper function x86_read_arch_cap_msr (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419233] (CVE-2019-11135)

 - kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)

 - kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)

 - kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)

 - kvm: x86: Do not release the page inside mmu_set_spte (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)

 - x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)

 - x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Move mapping_level_dirty_bitmap call in mapping_level (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)

 - Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 29967631] (CVE-2018-12207)

 - kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault) (Takuya Yoshikawa) [Orabug:
 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Make mmu_set_spte return emulate value (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page to link_shadow_page (Takuya Yoshikawa) [Orabug: 29967631] (CVE-2018-12207)

 - KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page (Takuya Yoshikawa) [Orabug:
 29967631] (CVE-2018-12207)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?7baad653

Plugin Details

Severity: Medium

ID: 130923

File Name: oraclevm_OVMSA-2019-0052.nasl

Version: 1.4

Type: local

Published: 11/13/2019

Updated: 12/13/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-11135

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2019

Vulnerability Publication Date: 11/14/2019

Reference Information

CVE: CVE-2018-12207, CVE-2019-11135