Detections
Analytics

OracleVM 3.3 : kernel-uek (OVMSA-2016-0046)

medium Nessus Plugin ID 90988

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - skbuff: skb_segment: orphan frags before copying (Dongli Zhang)

- RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE (Venkat Venkatsubra) [Orabug: 22888920]

 - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani)

 - filename should be destroyed via final_putname instead of __putname (John Sobecki) [Orabug: 22346320]

 - RDS: Fix the atomicity for congestion map update (Wengang Wang)

- sctp: Prevent soft lockup when sctp_accept is called during a timeout event (Karl Heiss) [Orabug: 23222753] (CVE-2015-8767)

 - x86_64: expand kernel stack to 16K (Minchan Kim) [Orabug: 21140371]

 - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [Orabug: 22534160]

 - xen: remove unneeded variables and one constant (Daniel Kiper)

- Revert 'x86/xen: delay construction of mfn_list_list' (Daniel Kiper)

- ocfs2/dlm: fix misuse of list_move_tail in dlm_run_purge_list (Tariq Saeed) [Orabug: 22898384]

 - ocfs2/dlm: do not purge lockres that is queued for assert master (Xue jiufei) [Orabug: 22898384]

 - pipe: Fix buffer offset after partially failed read (Ben Hutchings) [Orabug: 22985903] (CVE-2016-0774) (CVE-2015-1805) (CVE-2016-0774)

 - xen-blkback: replace work_pending with work_busy in purge_persistent_gnt (Bob Liu) [Orabug: 22463905]

 - coredump: add new %PATCH variable in core_pattern (Herbert van den Bergh) [Orabug: 22666980]

 - veth: don&rsquo t modify ip_summed doing so treats packets with bad checksums as good. (Vijay Pandurangan) [Orabug: 22725572]

 - libiscsi: Fix host busy blocking during connection teardown (John Soni Jose) [Orabug: 22735756]

 - RDS: Add interface for receive MSG latency trace (Santosh Shilimkar)

- RDS: Add support for per socket SO_TIMESTAMP for incoming messages (Santosh Shilimkar) [Orabug: 22868366]

Solution

Update the affected kernel-uek / kernel-uek-firmware packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000457.html

Plugin Details

Severity: Medium

ID: 90988

File Name: oraclevm_OVMSA-2016-0046.nasl

Version: 2.10

Type: local

Published: 5/9/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:kernel-uek, cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:kernel-uek-firmware

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/5/2016

Vulnerability Publication Date: 8/8/2015

Reference Information

CVE: CVE-2015-1805, CVE-2015-8767, CVE-2016-0774

BID: 74951