OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)

medium Nessus Plugin ID 138416


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- ipv4: ipv4_default_advmss should use route mtu (Eric Dumazet) [Orabug: 31563095]

- net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095]

- Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475]

- md: batch flush requests. (NeilBrown) [Orabug: 31332821]

- ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] (CVE-2019-15214)

- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug: 31352061] (CVE-2017-16538)

- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] (CVE-2017-16538)

- atomic_open: fix the handling of create_error (Al Viro) [Orabug: 31493395]

- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command (Tomas Bortoli) [Orabug: 31351119] (CVE-2019-19533)

- NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061]

- x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] (CVE-2020-0543)

- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)

- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)

- x86/cpu: Add 'table' argument to cpu_matches (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)

- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] (CVE-2020-0543)

- x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] (CVE-2020-0543)

- MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521]

- can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] (CVE-2019-19534)

- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] (CVE-2019-19536)

- xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876]

- iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372]


Update the affected kernel-uek / kernel-uek-firmware packages.

Plugin Details

Severity: Medium

ID: 138416

File Name: oraclevm_OVMSA-2020-0028.nasl

Version: 1.2

Type: local

Published: 7/14/2020

Updated: 7/16/2020

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: Medium

Base Score: 6.6

Temporal Score: 5.8

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/13/2020

Vulnerability Publication Date: 11/4/2017

Reference Information

CVE: CVE-2017-16538, CVE-2019-15214, CVE-2019-19533, CVE-2019-19534, CVE-2019-19536, CVE-2020-0543