Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2021-1762)

medium Nessus Plugin ID 155325
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1762 advisory.

- A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25637)

- iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. (CVE-2020-11947)

- ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. (CVE-2020-29443)

- In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. (CVE-2020-16092)

- ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. (CVE-2020-29129)

- slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. (CVE-2020-29130)

- hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
(CVE-2020-28916)

- A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. (CVE-2020-25723)

- A flaw was found in the memory management API of QEMU during the initialization of a memory region cache.
This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. (CVE-2020-27821)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916 (CVE-2020-25707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2021-1762.html

Plugin Details

Severity: Medium

ID: 155325

File Name: oraclelinux_ELSA-2021-1762.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/12/2021

Updated: 11/12/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-25637

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-img:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-common:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-java:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-java-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-javadoc:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-tools-c:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-libguestfs-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:perl-sys-guestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ruby-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-client:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-lock-sanlock:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-guest-agent:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-config-network:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-config-nwfilter:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-interface:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-network:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-nodedev:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-nwfilter:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-qemu:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-secret:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-kvm:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-docs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-nss:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:hivex-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-benchmarking:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-gfs2:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-gobject:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-gobject-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-inspect-icons:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-man-pages-ja:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-man-pages-uk:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-rescue:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-rsync:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-winsupport:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libguestfs-xfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libiscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libiscsi-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libiscsi-utils:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-admin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-core:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-disk:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-gluster:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-iscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-logical:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-mpath:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-rbd:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-scsi:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-dbus:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:lua-guestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-bash-completion:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-basic-plugins:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-example-plugins:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:netcf:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:netcf-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:netcf-libs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:perl-sys-virt:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:perl-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:python3-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:python3-libguestfs:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:python3-libvirt:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-block-curl:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-block-gluster:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-block-iscsi:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-block-rbd:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-block-ssh:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-core:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ruby-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:seabios:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:seabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:seavgabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:sgabios:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:sgabios-bin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:supermin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:supermin-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:virt-dib:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:virt-v2v:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-hivex:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-hivex-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:qemu-kvm-tests:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libnbd:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libnbd-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:libvirt-daemon-driver-storage-iscsi-direct:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdfuse:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-basic-filters:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-curl-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-gzip-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-linuxdisk-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-python-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-server:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-ssh-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-vddk-plugin:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:nbdkit-xz-filter:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-libnbd:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:ocaml-libnbd-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:oracle:linux:python3-libnbd:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/25/2021

Vulnerability Publication Date: 7/23/2020

Reference Information

CVE: CVE-2020-16092, CVE-2020-25637, CVE-2020-29130, CVE-2020-29129, CVE-2020-25723, CVE-2020-28916, CVE-2020-27821, CVE-2020-25707, CVE-2020-11947, CVE-2020-29443

IAVB: 2020-B-0041-S, 2020-B-0075