OracleVM 3.2 : xen (OVMSA-2014-0026)

High Nessus Plugin ID 79542


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates:

- x86/HVM: properly bound x2APIC MSR range. This is XSA-108. Additional changelog comments added to 4.1.3-25.el5.94.1.3 (CVE-2014-7188)

- Fix for bug 19698532

- x86emul: only emulate software interrupt injection for real mode. Protected mode emulation currently lacks proper privilege checking of the referenced IDT entry, and there's currently no legitimate way for any of the respective instructions to reach the emulator when the guest is in protected mode. This is XSA-106.

- x86/emulate: check cpl for all privileged instructions. Without this, it is possible for userspace to load its own IDT or GDT. This is XSA-105. (CVE-2014-7155)


Update the affected xen / xen-devel / xen-tools packages.

Plugin Details

Severity: High

ID: 79542

File Name: oraclevm_OVMSA-2014-0026.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2014/11/26

Modified: 2017/02/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/10/01

Reference Information

CVE: CVE-2014-7155, CVE-2014-7156, CVE-2014-7188

BID: 70057, 70062, 70198

OSVDB: 112435