Synopsis
The remote OracleVM host is missing one or more security updates.
Description
The remote OracleVM system is missing necessary patches to address security updates:
- In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. (CVE-2017-18216)
- In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)
- Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. (CVE-2019-10220)
- Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)
- A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)
- A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
(CVE-2019-19074)
- A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.
As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8. (CVE-2019-3901)
- An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. (CVE-2020-12771)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kernel-uek / kernel-uek-firmware packages.
Plugin Details
File Name: oraclevm_OVMSA-2021-0035.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4
Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 10/11/2021
Vulnerability Publication Date: 4/25/2016
Reference Information
CVE: CVE-2017-11089, CVE-2017-18216, CVE-2018-9517, CVE-2019-10220, CVE-2019-17133, CVE-2019-19063, CVE-2019-19066, CVE-2019-19074, CVE-2019-19448, CVE-2019-3900, CVE-2019-3901, CVE-2020-12114, CVE-2020-12771, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-27067, CVE-2021-0512, CVE-2021-0605, CVE-2021-3612, CVE-2021-3655, CVE-2021-3679, CVE-2021-3715, CVE-2021-38160, CVE-2021-40490