Detections
Analytics

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0172) (Dirty COW)

high Nessus Plugin ID 105146

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd (Kirill A. Shutemov) [Orabug:
 27200879] (CVE-2017-1000405)

 - NFS: Add static NFS I/O tracepoints (Chuck Lever)

 - storvsc: don't assume SG list is contiguous (Aruna Ramakrishna)

- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] (CVE-2017-12190)

 - more bio_map_user_iov leak fixes (Al Viro) [Orabug:
 27069038] (CVE-2017-12190)

 - packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] (CVE-2017-15649)

 - packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] (CVE-2017-15649)

 - net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] (CVE-2017-15649)

 - packet: fix races in fanout_add (Eric Dumazet) [Orabug:
 27069065] (CVE-2017-15649)

 - refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] (CVE-2017-15649)

 - locking/atomics: Add _[acquire|release|relaxed] variants of some atomic operations (Will Deacon) [Orabug:
 27069065] (CVE-2017-15649)

 - net: qmi_wwan: fix divide by 0 on bad descriptors (Bj&oslash rn Mork) [Orabug: 27215225] (CVE-2017-16650)

 - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] (CVE-2017-16527)

 - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217]

 - ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129]

 - scsi: Don't abort scsi_scan due to unexpected response (John Sobecki)

- ocfs2: code clean up for direct io (Ryan Ding)

 - xscore: add dma address check (Zhu Yanjun) [Orabug:
 27076919]

 - KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li) [Orabug: 27062498]

 - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498]

 - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498]

 - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498]

 - uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard)

- thp: run vma_adjust_trans_huge outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180]

 - selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] (CVE-2017-2618) (CVE-2017-2618) (CVE-2017-2618)

 - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] (CVE-2016-9191) (CVE-2016-9191) (CVE-2016-9191)

 - KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] (CVE-2017-12192)

 - IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718]

 - IB/ipoib: increase the max mcast backlog queue (Doug Ledford)

- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718]

 - IB/ipoib: Expire sendonly multicast joins (Christoph Lameter)

- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718]

 - IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718]

 - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944]

 - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944]

 - netns: use a spin_lock to protect nsid management (Nicolas Dichtel)

- netns: notify new nsid outside __peernet2id (Nicolas Dichtel)

- netns: rename peernet2id to peernet2id_alloc (Nicolas Dichtel)

- netns: always provide the id to rtnl_net_fill (Nicolas Dichtel)

- netns: returns always an id in __peernet2id (Nicolas Dichtel)

- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro)

- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug:
 27037811]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?9044d20e

Plugin Details

Severity: High

ID: 105146

File Name: oraclevm_OVMSA-2017-0172.nasl

Version: 3.6

Type: local

Published: 12/11/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2017

Vulnerability Publication Date: 11/28/2016

Reference Information

CVE: CVE-2016-9191, CVE-2017-1000405, CVE-2017-12190, CVE-2017-12192, CVE-2017-15649, CVE-2017-16527, CVE-2017-16650, CVE-2017-2618