OracleVM 3.1 : xen (OVMSA-2012-0034)

medium Nessus Plugin ID 79479

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Xen Security Advisory CVE-2012-3433 / XSA-11 HVM guest destroy p2m teardown host DoS vulnerability An HVM guest is able to manipulate its physical address space such that tearing down the guest takes an extended period amount of time searching for shared pages. This causes the domain 0 VCPU which tears down the domain to be blocked in the destroy hypercall. This causes that domain 0 VCPU to become unavailable and may cause the domain 0 kernel to panic. There is no requirement for memory sharing to be in use. From the patch description:
xen: only check for shared pages while any exist on teardown Avoids worst case behavour when guest has a large p2m. This is XSA-11 / CVE-2012-nnn

- Xen Security Advisory XSA-10 HVM guest user mode MMIO emulation DoS vulnerability Internal data of the emulator for MMIO operations may, under certain rare conditions, at the end of one emulation cycle be left in a state affecting a subsequent emulation such that this second emulation would fail, causing an exception to be reported to the guest kernel where none is expected.
NOTE: No CVE number! The patch description is as follow:
x86/hvm: don't leave emulator in inconsistent state The fact that handle_mmio, and thus the instruction emulator, is being run through twice for emulations that require involvement of the device model, allows for the second run to see a different guest state than the first one. Since only the MMIO-specific emulation routines update the vCPU's io_state, if they get invoked on the second pass, internal state (and particularly this variable) can be left in a state making successful emulation of a subsequent MMIO operation impossible.
Consequently, whenever the emulator invocation returns without requesting a retry of the guest instruction, reset io_state.

- Add 'allowhugepage' flag as a synonym for 'allowsuperpage' for compatibility with previous releases.

Solution

Update the affected xen / xen-devel / xen-tools packages.

See Also

http://www.nessus.org/u?6b78b0f8

Plugin Details

Severity: Medium

ID: 79479

File Name: oraclevm_OVMSA-2012-0034.nasl

Version: 1.4

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:xen, p-cpe:/a:oracle:vm:xen-devel, p-cpe:/a:oracle:vm:xen-tools, cpe:/o:oracle:vm_server:3.1

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/9/2012

Vulnerability Publication Date: 11/24/2012

Reference Information

CVE: CVE-2012-3433

BID: 54942