Detections
Analytics
OracleVM 3.4 : kernel-uek (OVMSA-2021-0016)
high Nessus Plugin ID 150463
Language:
Synopsis
The remote OracleVM host is missing one or more security updates.Description
The remote OracleVM system is missing necessary patches to address security updates:- In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-162844689References: Upstream kernel (CVE-2020-0465)
- In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-147802478References: Upstream kernel (CVE-2020-0466)
- A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-35508)
- A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.
(CVE-2021-20219)
- A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
(CVE-2021-20261)
- An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
(CVE-2021-28038)
- The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)
- A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)
- An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
(CVE-2021-29650)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel-uek / kernel-uek-firmware packages.See Also
https://linux.oracle.com/cve/CVE-2020-0465.html
https://linux.oracle.com/cve/CVE-2020-0466.html
https://linux.oracle.com/cve/CVE-2020-35508.html
https://linux.oracle.com/cve/CVE-2021-20219.html
https://linux.oracle.com/cve/CVE-2021-20261.html
https://linux.oracle.com/cve/CVE-2021-28038.html
https://linux.oracle.com/cve/CVE-2021-28688.html
https://linux.oracle.com/cve/CVE-2021-28964.html
Plugin Details
Severity: High
ID: 150463
File Name: oraclevm_OVMSA-2021-0016.nasl
Version: 1.4
Type: local
Family: OracleVM Local Security Checks
Published: 6/10/2021
Updated: 3/31/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2020-0466
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/6/2021
Vulnerability Publication Date: 12/14/2020
Reference Information
CVE: CVE-2020-0465, CVE-2020-0466, CVE-2020-35508, CVE-2021-20219, CVE-2021-20261, CVE-2021-28038, CVE-2021-28688, CVE-2021-28964, CVE-2021-29650