OracleVM 2.1 : kernel (OVMSA-2009-0023)

high Nessus Plugin ID 79465


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- backport for online resize of blockdev [orabug 8585251] [rh bugz 444964]

- CVE-2009-2692 - [net] make sock_sendpage use kernel_sendpage (Jiri Pirko) [517445 516955]

- CVE-2009-2698 - [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043]

- Updated cciss module to 3.6.20

- update bnx2x 1.48.107

- update bnx2 1.8.8b

- update bfa to [bugz 9518]

- Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug 7634343]


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 79465

File Name: oraclevm_OVMSA-2009-0023.nasl

Version: 1.11

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Score: 9.6


Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-boot, p-cpe:/a:oracle:vm:kernel-boot-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/15/2009

Vulnerability Publication Date: 8/14/2009

Exploitable With


Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2009-2692, CVE-2009-2698

BID: 36038, 36108

CWE: 119