Oracle Linux 8 : kvm_utils3 (ELSA-2023-12855)

high Nessus Plugin ID 182741

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12855 advisory.

- A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. (CVE-2023-3301)

- A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker-controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service. (CVE-2023-3255)

- A vulnerability was found in libvirt. Repeatedly querying an SR-IOV PCI device's capabilities exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup. (CVE-2023-2700)

- A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. (CVE-2023-3354)

- A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. (CVE-2023-3750)

- A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. (CVE-2023-0330)

- A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. (CVE-2023-3180)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-12855.html

Plugin Details

Severity: High

ID: 182741

File Name: oraclelinux_ELSA-2023-12855.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/7/2023

Updated: 12/18/2023

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-3354

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libguestfs-devel, p-cpe:/a:oracle:linux:libnbd-devel, p-cpe:/a:oracle:linux:libvirt-daemon, p-cpe:/a:oracle:linux:libvirt-daemon-driver-secret, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi, p-cpe:/a:oracle:linux:seabios-bin, p-cpe:/a:oracle:linux:swtpm-libs, p-cpe:/a:oracle:linux:libvirt-client-qemu, p-cpe:/a:oracle:linux:libvirt-daemon-kvm, p-cpe:/a:oracle:linux:nbdkit-devel, p-cpe:/a:oracle:linux:netcf, p-cpe:/a:oracle:linux:python3-libguestfs, p-cpe:/a:oracle:linux:qemu-virtiofsd, p-cpe:/a:oracle:linux:supermin-devel, p-cpe:/a:oracle:linux:swtpm-tools, p-cpe:/a:oracle:linux:libguestfs-inspect-icons, p-cpe:/a:oracle:linux:libnbd, p-cpe:/a:oracle:linux:libvirt, p-cpe:/a:oracle:linux:nbdkit-gzip-plugin, p-cpe:/a:oracle:linux:nbdkit-tmpdisk-plugin, p-cpe:/a:oracle:linux:qemu-kvm, p-cpe:/a:oracle:linux:virt-v2v-man-pages-uk, cpe:/a:oracle:linux:8::kvm_appstream, p-cpe:/a:oracle:linux:libguestfs-java, p-cpe:/a:oracle:linux:libiscsi-utils, p-cpe:/a:oracle:linux:libvirt-client, p-cpe:/a:oracle:linux:libvirt-daemon-driver-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-scsi, p-cpe:/a:oracle:linux:libvirt-devel, p-cpe:/a:oracle:linux:libvirt-libs, p-cpe:/a:oracle:linux:netcf-devel, p-cpe:/a:oracle:linux:virt-dib, p-cpe:/a:oracle:linux:libguestfs-tools-c, p-cpe:/a:oracle:linux:libvirt-daemon-config-nwfilter, p-cpe:/a:oracle:linux:libvirt-dbus, p-cpe:/a:oracle:linux:libvirt-lock-sanlock, p-cpe:/a:oracle:linux:nbdkit-ssh-plugin, p-cpe:/a:oracle:linux:qemu-img, p-cpe:/a:oracle:linux:seavgabios-bin, p-cpe:/a:oracle:linux:libguestfs-gfs2, p-cpe:/a:oracle:linux:libguestfs-java-devel, p-cpe:/a:oracle:linux:libtpms-devel, p-cpe:/a:oracle:linux:libvirt-wireshark, p-cpe:/a:oracle:linux:lua-guestfs, p-cpe:/a:oracle:linux:nbdkit-curl-plugin, p-cpe:/a:oracle:linux:qemu-kvm-block-iscsi, p-cpe:/a:oracle:linux:libguestfs-javadoc, p-cpe:/a:oracle:linux:libguestfs-man-pages-ja, 
p-cpe:/a:oracle:linux:libguestfs-rescue, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nwfilter, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-core, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-disk, p-cpe:/a:oracle:linux:python3-hivex, p-cpe:/a:oracle:linux:ruby-libguestfs, p-cpe:/a:oracle:linux:sgabios, p-cpe:/a:oracle:linux:swtpm-tools-pkcs11, p-cpe:/a:oracle:linux:hivex-devel, p-cpe:/a:oracle:linux:nbdkit-bash-completion, p-cpe:/a:oracle:linux:nbdkit-basic-filters, p-cpe:/a:oracle:linux:nbdkit-basic-plugins, p-cpe:/a:oracle:linux:nbdkit-python-plugin, p-cpe:/a:oracle:linux:qemu-guest-agent, p-cpe:/a:oracle:linux:sgabios-bin, p-cpe:/a:oracle:linux:libguestfs-gobject-devel, p-cpe:/a:oracle:linux:libguestfs-tools, p-cpe:/a:oracle:linux:libguestfs-winsupport, p-cpe:/a:oracle:linux:libvirt-nss, p-cpe:/a:oracle:linux:nbdkit-gzip-filter, p-cpe:/a:oracle:linux:netcf-libs, p-cpe:/a:oracle:linux:python3-libvirt, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:libvirt-daemon-driver-interface, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-logical, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-mpath, p-cpe:/a:oracle:linux:nbdkit-server, p-cpe:/a:oracle:linux:perl-sys-virt, p-cpe:/a:oracle:linux:qemu-kvm-block-ssh, p-cpe:/a:oracle:linux:qemu-kvm-common, p-cpe:/a:oracle:linux:virt-v2v, p-cpe:/a:oracle:linux:hivex, p-cpe:/a:oracle:linux:libguestfs-bash-completion, p-cpe:/a:oracle:linux:libnbd-bash-completion, p-cpe:/a:oracle:linux:nbdkit-tar-plugin, p-cpe:/a:oracle:linux:python3-libnbd, p-cpe:/a:oracle:linux:qemu-kvm-block-curl, p-cpe:/a:oracle:linux:seabios, p-cpe:/a:oracle:linux:swtpm, p-cpe:/a:oracle:linux:libguestfs-appliance, p-cpe:/a:oracle:linux:libguestfs-gobject, p-cpe:/a:oracle:linux:libguestfs-man-pages-uk, p-cpe:/a:oracle:linux:libguestfs-rsync, p-cpe:/a:oracle:linux:libiscsi-devel, p-cpe:/a:oracle:linux:libvirt-daemon-config-network, p-cpe:/a:oracle:linux:libvirt-daemon-driver-nodedev, p-cpe:/a:oracle:linux:nbdkit, 
p-cpe:/a:oracle:linux:nbdkit-vddk-plugin, p-cpe:/a:oracle:linux:qemu-kvm-block-rbd, p-cpe:/a:oracle:linux:ruby-hivex, p-cpe:/a:oracle:linux:libguestfs-xfs, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-gluster, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-rbd, p-cpe:/a:oracle:linux:nbdkit-nbd-plugin, p-cpe:/a:oracle:linux:qemu-kvm-block-gluster, p-cpe:/a:oracle:linux:supermin, p-cpe:/a:oracle:linux:libtpms, p-cpe:/a:oracle:linux:libvirt-daemon-driver-qemu, p-cpe:/a:oracle:linux:libvirt-daemon-driver-storage-iscsi-direct, p-cpe:/a:oracle:linux:nbdkit-example-plugins, p-cpe:/a:oracle:linux:nbdkit-linuxdisk-plugin, p-cpe:/a:oracle:linux:perl-sys-guestfs, p-cpe:/a:oracle:linux:perl-hivex, p-cpe:/a:oracle:linux:qemu-kvm-core, p-cpe:/a:oracle:linux:swtpm-devel, p-cpe:/a:oracle:linux:virt-v2v-man-pages-ja, p-cpe:/a:oracle:linux:libvirt-docs, p-cpe:/a:oracle:linux:nbdfuse, p-cpe:/a:oracle:linux:nbdkit-tar-filter, p-cpe:/a:oracle:linux:virt-v2v-bash-completion, p-cpe:/a:oracle:linux:libguestfs, p-cpe:/a:oracle:linux:libiscsi, p-cpe:/a:oracle:linux:nbdkit-xz-filter

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 10/7/2023

Vulnerability Publication Date: 3/6/2023

Reference Information

CVE: CVE-2023-0330, CVE-2023-2700, CVE-2023-3180, CVE-2023-3255, CVE-2023-3301, CVE-2023-3354, CVE-2023-3750