Detections
Analytics

OracleVM 3.4 : xen (OVMSA-2022-0003)

high Nessus Plugin ID 156595

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address security updates:

 - An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
 (CVE-2017-17044)

 - An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors. (CVE-2017-17045)

 - issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs;
 the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.) (CVE-2021-28705, CVE-2021-28709)

 - guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound. (CVE-2021-28706)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected xen / xen-tools packages.

See Also

https://linux.oracle.com/cve/CVE-2017-17044.html

https://linux.oracle.com/cve/CVE-2017-17045.html

https://linux.oracle.com/cve/CVE-2021-28705.html

https://linux.oracle.com/cve/CVE-2021-28706.html

https://linux.oracle.com/cve/CVE-2021-28709.html

https://linux.oracle.com/errata/OVMSA-2022-0003.html

Plugin Details

Severity: High

ID: 156595

File Name: oraclevm_OVMSA-2022-0003.nasl

Version: 1.3

Type: local

Published: 1/11/2022

Updated: 1/26/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-17045

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/11/2022

Vulnerability Publication Date: 11/28/2017

Reference Information

CVE: CVE-2017-17044, CVE-2017-17045, CVE-2021-28705, CVE-2021-28706, CVE-2021-28709