Detections
Analytics
OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0022)
medium Nessus Plugin ID 125615
Language:
Synopsis
The remote OracleVM host is missing one or more security updates.Description
The remote OracleVM system is missing necessary patches to address critical security updates :- scsi: libfc: sanitize E_D_TOV and R_A_TOV setting (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: use configured rport E_D_TOV (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: additional debugging messages (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: don't advance state machine for incoming FLOGI (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not login if the port is already started (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not drop down to FLOGI for fc_rport_login (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response. (Chad Dupuis) [Orabug:
25933179]
- scsi: libfc: Fixup disc_mutex handling (Hannes Reinecke) [Orabug: 25933179]
- xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050]
- net: sched: run ingress qdisc without locks (Alexei Starovoitov) [Orabug: 29395374]
- bnxt_en: Fix typo in firmware message timeout logic.
(Michael Chan) [Orabug: 29412112]
- bnxt_en: Wait longer for the firmware message response to complete. (Michael Chan) [Orabug: 29412112]
- mm,vmscan: Make unregister_shrinker no-op if register_shrinker failed. (Tetsuo Handa) [Orabug:
29456281]
- X.509: Handle midnight alternative notation in GeneralizedTime (David Howells) [Orabug: 29460344] (CVE-2015-5327)
- X.509: Support leap seconds (David Howells) [Orabug:
29460344] (CVE-2015-5327)
- X.509: Fix the time validation [ver #2] (David Howells) [Orabug: 29460344] (CVE-2015-5327) (CVE-2015-5327)
- be2net: enable new Kconfig items in kernel configs (Brian Maly) [Orabug: 29475071]
- benet: remove broken and unused macro (Lubomir Rintel) [Orabug: 29475071]
- be2net: don't flip hw_features when VXLANs are added/deleted (Davide Caratti) [Orabug: 29475071]
- be2net: Fix memory leak in be_cmd_get_profile_config (Petr Oros) [Orabug: 29475071]
- be2net: Use Kconfig flag to support for enabling/disabling adapters (Petr Oros) [Orabug:
29475071]
- be2net: Mark expected switch fall-through (Gustavo A. R.
Silva) [Orabug: 29475071]
- be2net: fix spelling mistake 'seqence' -> 'sequence' (Colin Ian King) [Orabug: 29475071]
- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29475071]
- be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (Suresh Reddy) [Orabug:
29475071]
- be2net: move rss_flags field in rss_info to ensure proper alignment (Ivan Vecera) [Orabug: 29475071]
- be2net: re-order fields in be_error_recovert to avoid hole (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused tx_jiffies field from be_tx_stats (Ivan Vecera) [Orabug: 29475071]
- be2net: move txcp field in be_tx_obj to eliminate holes in the struct (Ivan Vecera) [Orabug: 29475071]
- be2net: reorder fields in be_eq_obj structure (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused old custom busy-poll fields (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused old AIC info (Ivan Vecera) [Orabug: 29475071]
- be2net: Fix error detection logic for BE3 (Suresh Reddy) [Orabug: 29475071]
- scsi: sd: Do not override max_sectors_kb sysfs setting (Martin K. Petersen) [Orabug: 29596510]
- USB: serial: io_ti: fix div-by-zero in set_termios (Johan Hovold) [Orabug: 29487834] (CVE-2017-18360)
- bnxt_en: Drop oversize TX packets to prevent errors.
(Michael Chan) [Orabug: 29516462]
- x86/speculation: Read per-cpu value of x86_spec_ctrl_priv in x86_virt_spec_ctrl (Alejandro Jimenez) [Orabug: 29526401]
- x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug:
29526401]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug:
29605982] (CVE-2018-19985) (CVE-2018-19985)
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug:
29637525]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637525]
- x86/bugs, kvm: don't miss SSBD when IBRS is in use.
(Quentin Casasnovas) [Orabug: 29642113]
- cifs: Fix use after free of a mid_q_entry (Shuning Zhang) [Orabug: 29654888]
- binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677233] (CVE-2019-11190)
- x86/microcode: Don't return error if microcode update is not needed (Boris Ostrovsky) [Orabug: 29759756]
Solution
Update the affected kernel-uek / kernel-uek-firmware packages.See Also
https://oss.oracle.com/pipermail/oraclevm-errata/2019-May/000941.html
Plugin Details
Severity: Medium
ID: 125615
File Name: oraclevm_OVMSA-2019-0022.nasl
Version: 1.5
Type: local
Family: OracleVM Local Security Checks
Published: 5/31/2019
Updated: 5/17/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.7
Temporal Score: 3.7
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2019-11190
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2015-5327
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:kernel-uek-firmware, p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/30/2019
Vulnerability Publication Date: 9/25/2017
Reference Information
CVE: CVE-2015-5327, CVE-2017-18360, CVE-2018-19985, CVE-2019-11190