OracleVM 2.1 : kernel (OVMSA-2009-0023)

High Nessus Plugin ID 79465


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- backport for online resize of blockdev [orabug 8585251] [rh bugz 444964]

- CVE-2009-2692 - [net] make sock_sendpage use kernel_sendpage (Jiri Pirko) [517445 516955]

- CVE-2009-2698 - [net] prevent null pointer dereference in udp_sendmsg (Vitaly Mayatskikh) [518047 518043]

- Updated cciss module to 3.6.20

- update bnx2x 1.48.107

- update bnx2 1.8.8b

- update bfa to [bugz 9518]

- Fix dom0 crash in loopback_start_xmit+0x107/0x2BD [bug 7634343]


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 79465

File Name: oraclevm_OVMSA-2009-0023.nasl

Version: 1.10

Type: local

Published: 2014/11/26

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-BOOT, p-cpe:/a:oracle:vm:kernel-BOOT-devel, p-cpe:/a:oracle:vm:kernel-kdump, p-cpe:/a:oracle:vm:kernel-kdump-devel, p-cpe:/a:oracle:vm:kernel-ovs, p-cpe:/a:oracle:vm:kernel-ovs-devel, cpe:/o:oracle:vm_server:2.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/15

Vulnerability Publication Date: 2009/08/14

Exploitable With


Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2009-2692, CVE-2009-2698

BID: 36038, 36108

CWE: 119