OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0010) (Meltdown) (Spectre)

medium Nessus Plugin ID 106120

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug:
27352353] (CVE-2017-5754)

- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug:
27369994]

- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581]

- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792]

- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)

- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] (CVE-2017-5715)

- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] (CVE-2017-5715)

- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug:
27339995] (CVE-2017-5715)

- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)

- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)

- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)

- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug:
27365544] (CVE-2017-5715)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

http://www.nessus.org/u?fbc9b05d

Plugin Details

Severity: Medium

ID: 106120

File Name: oraclevm_OVMSA-2018-0010.nasl

Version: 3.6

Type: local

Published: 1/18/2018

Updated: 9/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/17/2018

Vulnerability Publication Date: 1/4/2018

Reference Information

CVE: CVE-2017-5715, CVE-2017-5754

IAVA: 2018-A-0019, 2018-A-0020