The remote OracleVM system is missing necessary patches to address security updates:

  - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and     unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)

  - There is a flaw reported in the Linux kernel in versions before 5.9 in     drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue     results from the lack of validating the existence of an object prior to performing operations on the     object. An attacker with a local account with a root privilege, can leverage this vulnerability to     escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)

  - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

  - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of     actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()     function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This     flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

  - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and     incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted     IRC with nf_conntrack_irc configured. (CVE-2022-2663)

  - A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue     is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier     of this vulnerability is VDB-211088. (CVE-2022-3565)

  - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects     the function vsock_connect of the file net/vmw_vsock/af_vsock.c of the component IPsec. The manipulation     leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier     assigned to this vulnerability. (CVE-2022-3629)

  - drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information     from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
    (CVE-2022-40768)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

OracleVM 3.4 : kernel-uek (OVMSA-2022-0031)

high Nessus Plugin ID 168502

Version 1.4

Version 1.3

Version 1.2

Version 1.4 Feb 7, 2023, 2:16 PM CVSS metrics ("CVSSv3 score" changed from "8.0" to "7.8") CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202302071416
Version 1.3 Dec 13, 2022, 2:03 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202212131403
Version 1.2 Dec 8, 2022, 7:52 PM New Plugin Feed: 202212081952