OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0001)

high Nessus Plugin ID 144837

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- mwifiex: fix possible heap overflow in mwifiex_process_country_ie (Ganapathi Bhat) [Orabug: 30781859] (CVE-2019-14895)

- ext4: fix ext4_empty_dir for directories with holes (Jan Kara) [Orabug: 31265320] (CVE-2019-19037)

- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] (CVE-2020-10711)

- scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] (CVE-2020-12652)

- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo (Dan Carpenter) [Orabug: 31350941] (CVE-2020-12652)

- USB: core: Fix free-while-in-use bug in the USB S-G library (Alan Stern) [Orabug: 31350967] (CVE-2020-12464)

- drivers: usb: core: Minimize irq disabling in usb_sg_cancel (David Mosberger) [Orabug: 31350967] (CVE-2020-12464)

- drivers: usb: core: Don't disable irqs in usb_sg_wait during URB submit. (David Mosberger) [Orabug: 31350967] (CVE-2020-12464)

- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] (CVE-2019-19447)

- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319]

- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319]

- ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511]

- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000]

- sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] (CVE-2019-20934)

- netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] (CVE-2020-14305)

- perf/core: Fix race in the perf_mmap_close function (Jiri Olsa) [Orabug: 32233360] (CVE-2020-14351)

- ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133]

- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626]

- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] (CVE-2020-28915)

- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] (CVE-2020-28915)

- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993]

- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] (CVE-2020-28974)

- block: Fix use-after-free in blkdev_get (Jason Yan) [Orabug: 32194609] (CVE-2020-15436)

- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] (CVE-2020-25705)

- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767]

- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767]

- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767]

- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767]

- xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488]

- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] (CVE-2020-25668)

- IB/mlx4: Adjust delayed work when a dup is observed (Håkon Bugge) [Orabug: 32136900]

- IB/mlx4: Add support for REJ due to timeout (Håkon Bugge) [Orabug: 32136900]

- IB/mlx4: Fix starvation in paravirt mux/demux (Håkon Bugge) [Orabug: 32136900]

- IB/mlx4: Separate tunnel and wire bufs parameters (Håkon Bugge) [Orabug: 32136900]

- IB/mlx4: Add support for MRA (Håkon Bugge) [Orabug: 32136900]

- IB/mlx4: Add and improve logging (Håkon Bugge) [Orabug: 32136900]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?adfe2ea2

Plugin Details

Severity: High

ID: 144837

File Name: oraclevm_OVMSA-2021-0001.nasl

Version: 1.3

Type: local

Published: 1/11/2021

Updated: 4/16/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-14305

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/8/2021

Vulnerability Publication Date: 11/21/2019

Reference Information

CVE: CVE-2019-14895, CVE-2019-19037, CVE-2019-19447, CVE-2019-20934, CVE-2020-10711, CVE-2020-12464, CVE-2020-12652, CVE-2020-14305, CVE-2020-14351, CVE-2020-15436, CVE-2020-25668, CVE-2020-25705, CVE-2020-28915, CVE-2020-28974