OracleVM 3.2 : xen (OVMSA-2017-0009)

Medium Nessus Plugin ID 96522


The remote OracleVM host is missing one or more security updates.


The remote OracleVM system is missing necessary patches to address critical security updates :

- From: Jan Beulich Subject: x86: force EFLAGS.IF on when exiting to PV guests Guest kernels modifying instructions in the process of being emulated for another of their vCPU-s may effect EFLAGS.IF to be cleared upon next exiting to guest context, by converting the being emulated instruction to CLI (at the right point in time). Prevent any such bad effects by always forcing EFLAGS.IF on. And to cover hypothetical other similar issues, also force EFLAGS.[IOPL,NT,VM] to zero. This is XSA-202.

Conflict: xen/arch/x86/x86_64/compat/entry.S (CVE-2016-10024)

- From 4d246723a85a03406e4969a260291e11b8e05960 Mon Sep 17 00:00:00 2001 x86: use MOV instead of PUSH/POP when saving/restoring register state (CVE-2016-10024)

- From: Andrew Cooper Date: Sun, 18 Dec 2016 15:42:59 +0000 Subject: [PATCH] x86/emul: Correct the handling of eflags with SYSCALL A singlestep #DB is determined by the resulting eflags value from the execution of SYSCALL, not the original eflags value. By using the original eflags value, we negate the guest kernels attempt to protect itself from a privilege escalation by masking TF. Introduce a tf boolean and have the SYSCALL emulation recalculate it after the instruction is complete. This is XSA-204

Conflict: xen/arch/x86/x86_emulate/x86_emulate.c (CVE-2016-10013)


Update the affected xen / xen-devel / xen-tools packages.

See Also

Plugin Details

Severity: Medium

ID: 96522

File Name: oraclevm_OVMSA-2017-0009.nasl

Version: $Revision: 3.6 $

Type: local

Published: 2017/01/16

Modified: 2017/02/17

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.9

Temporal Score: 4

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.2

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/13

Reference Information

CVE: CVE-2016-10013, CVE-2016-10024

OSVDB: 149021, 149100

IAVB: 2017-B-0008