OracleVM 3.4 : kernel-uek (OVMSA-2024-0011)

high Nessus Plugin ID 206615

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address security updates:

[4.1.12-124.89.4]- isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) [Orabug: 36940405] {CVE-2021-47284}- tracing: Restructure trace_clock_global() to never block (Steven Rostedt (VMware)) [Orabug: 36940388] {CVE-2021-46939}- udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti) [Orabug: 36806640] {CVE-2021-47353}- media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) [Orabug: 36802294] {CVE-2023-52445}- vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) [Orabug: 36802212] {CVE-2022-48627}- tty: n_gsm: fix possible out-of- bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678070] {CVE-2024-36016}- netfilter: nftables:
exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 36654631] {CVE-2023-52628}- dm: call the resume method on internal suspend (Mikulas Patocka) [Orabug: 36544879] {CVE-2024-26880}- net/bnx2x:
Prevent access to a freed page in page_pool (Thinh Tran) [Orabug: 36544783] {CVE-2024-26859}- x86, relocs: Ignore relocations in .notes section (Kees Cook) [Orabug: 36531115] {CVE-2024-26816}- netlink:
Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) [Orabug: 36531057] {CVE-2024-26805}- fbdev: savage: Error out if pixclock equals zero (Fullway Wang) [Orabug: 36530913] {CVE-2024-26778}- ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) [Orabug:
36530519] {CVE-2024-26704}- sr9800: Add check for usbnet_get_endpoints (Chen Ni) [Orabug: 36530183] {CVE-2024-26651}- llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) [Orabug: 36530047] {CVE-2024-26635}- netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug:
36192155] {CVE-2023-6040}[4.1.12-124.89.3]- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) [Orabug: 36802321] {CVE-2023-52594}- batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) [Orabug: 36643464] {CVE-2024-35982}- Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) [Orabug: 36643456] {CVE-2024-35978}- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Harshit Mogalapalli) [Orabug: 36643323] {CVE-2024-35944}- fbmon: prevent division by zero in fb_videomode_from_videomode() (Roman Smirnov) [Orabug: 36643194] {CVE-2024-35922}[4.1.12-124.89.2]- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) [Orabug: 36901390] {CVE-2023-52809}- net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) [Orabug: 36802200] {CVE-2021-47171}- i2c: i801: Don't generate an interrupt on bus reset (Jean Delvare) [Orabug: 36792714] {CVE-2021-47153}- pid: take a reference when initializing cad_pid (Mark Rutland) [Orabug: 36792687] {CVE-2021-47118}- drm/vmwgfx: Fix invalid reads in fence signaled events (Zack Rusin) [Orabug: 36691531] {CVE-2024-36960}- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Adam Goldman) [Orabug: 36683507] {CVE-2024-36950}- scsi:
bnx2fc: Remove spin_lock_bh while releasing resources after upload (Saurav Kashyap) [Orabug: 36683370] {CVE-2024-36919}- net: fix out-of-bounds access in ops_init (Thadeu Lima de Souza Cascardo) [Orabug:
36683115] {CVE-2024-36883}- netfilter: nf_tables: disallow timeout for anonymous sets (Pablo Neira Ayuso) [Orabug: 36654625] {CVE-2023-52620}- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) [Orabug: 36654606] {CVE-2023-52574}[4.1.12-124.89.1]- tcp: do not accept ACK of bytes we never sent (Eric Dumazet) [Orabug: 36806731] {CVE-2023-52881}- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Miko Larsson) [Orabug: 36806698] {CVE-2023-52703}- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) [Orabug: 36806668] {CVE-2023-52615}- mISDN: fix possible use- after-free in HFC_cleanup() (Zou Wei) [Orabug: 36806645] {CVE-2021-47356}- net: ti: fix UAF in tlan_remove_one (Pavel Skripkin) [Orabug: 36806628] {CVE-2021-47310}- net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) [Orabug: 36806622] {CVE-2021-47236}- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) [Orabug: 36802300] {CVE-2023-52477}- USB: add quirk for devices with broken LPM (Alan Stern) [Orabug: 36802300] {CVE-2023-52477}- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) [Orabug: 36544991] {CVE-2024-26903}- Bluetooth: Avoid potential use- after-free in hci_error_reset (Ying Hsu) [Orabug: 36531042] {CVE-2024-26801}- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) [Orabug: 36530881] {CVE-2024-26772}- inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) [Orabug: 36530348] {CVE-2024-26679}- ppp_async: limit MRU to 64K (Eric Dumazet) [Orabug: 36530335] {CVE-2024-26675}

Tenable has extracted the preceding description block directly from the OracleVM security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

Plugin Details

Severity: High

ID: 206615

File Name: oraclevm_OVMSA-2024-0011.nasl

Version: 1.1

Type: local

Family: OracleVM Local Security Checks

Published: 9/4/2024

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-6040

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.4, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/3/2024

Vulnerability Publication Date: 7/14/2021

Reference Information

CVE: CVE-2021-46939, CVE-2021-47118, CVE-2021-47153, CVE-2021-47171, CVE-2021-47236, CVE-2021-47284, CVE-2021-47310, CVE-2021-47353, CVE-2021-47356, CVE-2022-48627, CVE-2023-52445, CVE-2023-52477, CVE-2023-52574, CVE-2023-52594, CVE-2023-52615, CVE-2023-52620, CVE-2023-52628, CVE-2023-52703, CVE-2023-52809, CVE-2023-52881, CVE-2023-6040, CVE-2024-26635, CVE-2024-26651, CVE-2024-26675, CVE-2024-26679, CVE-2024-26704, CVE-2024-26772, CVE-2024-26778, CVE-2024-26801, CVE-2024-26805, CVE-2024-26816, CVE-2024-26859, CVE-2024-26880, CVE-2024-26903, CVE-2024-35922, CVE-2024-35944, CVE-2024-35978, CVE-2024-35982, CVE-2024-36016, CVE-2024-36883, CVE-2024-36919, CVE-2024-36950, CVE-2024-36960

Detections

Analytics