OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0054)

medium Nessus Plugin ID 143454
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- qla2xxx: disable target reset during link reset and update version (Quinn Tran) [Orabug: 32095664] - scsi:
qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug:
32095664] - scsi: qla2xxx: Enable Async TMF processing [Orabug: 32095664] - qla2xxx: tweak debug message for task management path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Arun Easi) [Orabug: 32095664] - scsi: qla2xxx:
Fix fabric scan hang (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug:
32095664] - scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx:v2: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: v2 Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: Really fix qla2xxx_eh_abort (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: v2 Reject EH_[abort|device_reset|target_request] (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 32095664]

- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31512608]

- block: Move part of bdi_destory to del_gendisk as bdi_unregister. (Jan Kara) [Orabug: 32124131] - kernel:
add panic_on_taint (Rafael Aquini) [Orabug: 32138039]

- drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] (CVE-2017-9605)

- random32: move the pseudo-random 32-bit definitions to prandom.h (Linus Torvalds) [Orabug: 31698086] (CVE-2020-16166)

- random32: remove net_rand_state from the latent entropy gcc plugin (Linus Torvalds) [Orabug: 31698086] (CVE-2020-16166)

- random: fix circular include dependency on arm64 after addition of percpu.h (Willy Tarreau) [Orabug: 31698086] (CVE-2020-16166)

- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698086] (CVE-2020-16166)

- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021856] - kvm: x86: do not leak guest xcr0 into host interrupt handlers (David Matlack) [Orabug: 32021856]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?d523adc2

Plugin Details

Severity: Medium

ID: 143454

File Name: oraclevm_OVMSA-2020-0054.nasl

Version: 1.2

Type: local

Published: 12/3/2020

Updated: 12/7/2020

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/2/2020

Vulnerability Publication Date: 6/13/2017

Reference Information

CVE: CVE-2017-9605, CVE-2020-16166