Detections
Analytics

OracleVM 3.4 : kernel-uek (OVMSA-2022-0014)

high Nessus Plugin ID 160505

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address security updates:

 - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:
 Upstream kernel (CVE-2021-0920)

 - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)

 - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)

 - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)

 - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)

 - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)

 - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
 (CVE-2021-45095)

 - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)

 - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://linux.oracle.com/cve/CVE-2021-0920.html

https://linux.oracle.com/cve/CVE-2021-3573.html

https://linux.oracle.com/cve/CVE-2021-4002.html

https://linux.oracle.com/cve/CVE-2021-4149.html

https://linux.oracle.com/cve/CVE-2021-4157.html

https://linux.oracle.com/cve/CVE-2021-4203.html

https://linux.oracle.com/cve/CVE-2021-45095.html

https://linux.oracle.com/cve/CVE-2021-45868.html

https://linux.oracle.com/cve/CVE-2022-0617.html

https://linux.oracle.com/cve/CVE-2022-1016.html

https://linux.oracle.com/errata/OVMSA-2022-0014.html

Plugin Details

Severity: High

ID: 160505

File Name: oraclevm_OVMSA-2022-0014.nasl

Version: 1.6

Type: local

Published: 5/4/2022

Updated: 4/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-4157

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7.4

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, p-cpe:/a:oracle:vm:kernel-uek-firmware, cpe:/o:oracle:vm_server:3.4

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/3/2022

Vulnerability Publication Date: 6/8/2021

CISA Known Exploited Vulnerability Due Dates: 6/13/2022

Reference Information

CVE: CVE-2021-0920, CVE-2021-3573, CVE-2021-4002, CVE-2021-4149, CVE-2021-4157, CVE-2021-4203, CVE-2021-45095, CVE-2021-45868, CVE-2022-0617, CVE-2022-1016