OracleVM 3.4 : kernel-uek (OVMSA-2021-0036)

high Nessus Plugin ID 154858

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address security updates:

- Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
(CVE-2018-1000026)

- A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
(CVE-2019-10207)

- In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. (CVE-2019-19813)

- A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://linux.oracle.com/cve/CVE-2018-1000026.html

https://linux.oracle.com/cve/CVE-2019-10207.html

https://linux.oracle.com/cve/CVE-2019-19813.html

https://linux.oracle.com/cve/CVE-2021-3564.html

https://linux.oracle.com/errata/OVMSA-2021-0036.html

Plugin Details

Severity: High

ID: 154858

File Name: oraclevm_OVMSA-2021-0036.nasl

Version: 1.5

Type: local

Published: 11/3/2021

Updated: 5/9/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2019-19813

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

CVSS Score Source: CVE-2018-1000026

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/2/2021

Vulnerability Publication Date: 2/9/2018

Reference Information

CVE: CVE-2018-1000026, CVE-2019-10207, CVE-2019-19813, CVE-2021-3564