Detections
Analytics
OracleVM 3.4 : kernel-uek (OVMSA-2023-0017)
high Nessus Plugin ID 179926
Language:
Synopsis
The remote OracleVM host is missing one or more security updates.Description
The remote OracleVM system is missing necessary patches to address security updates:- A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)
- In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)
- A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-3424)
- A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)
- A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub- component. (CVE-2023-2269)
- A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. (CVE-2023-3159)
- ** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated When modifying the block device while it is mounted by the filesystem access.
(CVE-2023-34256)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel-uek / kernel-uek-firmware packages.See Also
https://linux.oracle.com/cve/CVE-2022-1679.html
https://linux.oracle.com/cve/CVE-2022-20141.html
https://linux.oracle.com/cve/CVE-2022-3424.html
https://linux.oracle.com/cve/CVE-2023-1118.html
https://linux.oracle.com/cve/CVE-2023-2269.html
https://linux.oracle.com/cve/CVE-2023-3159.html
Plugin Details
Severity: High
ID: 179926
File Name: oraclevm_OVMSA-2023-0017.nasl
Version: 1.0
Type: local
Family: OracleVM Local Security Checks
Published: 8/17/2023
Updated: 8/17/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-1679
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2023-1118
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:kernel-uek-firmware
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 8/3/2023
Vulnerability Publication Date: 9/30/2021
Reference Information
CVE: CVE-2022-1679, CVE-2022-20141, CVE-2022-3424, CVE-2023-1118, CVE-2023-2269, CVE-2023-3159, CVE-2023-34256