OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0018) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

medium Nessus Plugin ID 125105

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721935] (CVE-2019-11091)

- x86/microcode: Add loader version file in debugfs (Boris Ostrovsky) [Orabug: 29754165]

- x86/microcode: Fix CPU synchronization routine (Borislav Petkov) [Orabug: 29754165]

- x86/microcode: Synchronize late microcode loading (Borislav Petkov) [Orabug: 29754165]

- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug:
29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: update mds_mitigation to reflect debugfs configuration (Mihai Carabas) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: fix microcode late loading (Mihai Carabas) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug:
29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add mds_clear_cpu_buffers (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127) (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526900] (CVE-2018-12126) (CVE-2018-12130) (CVE-2018-12127)

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000940.html

Plugin Details

Severity: Medium

ID: 125105

File Name: oraclevm_OVMSA-2019-0018.nasl

Version: 1.7

Type: local

Published: 5/15/2019

Updated: 5/28/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2019-11091

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/14/2019

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091