The remote OracleVM system is missing necessary patches to address critical security updates :
update 06-2d-07 to 0x71a
update 06-55-04 to 0x2006906
update 06-55-07 to 0x5002f01
merge Oracle changes for early load via dracut
enable late load on install for UEK4 kernels marked safe (except BDW-79)
set early_microcode=‘no’ in virtualized guests to avoid early load bugs [Orabug: 30618737]
Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186) :
Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28
Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f
Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26
Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c
Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22
Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc
Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157
Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906
Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01
Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01
Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc
Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6
Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6
Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6
Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6
Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6
Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6
Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6
Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.
Update Intel CPU microcode to microcode-20200520 release (#1839193) :
Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621
Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a
Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78.
Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models (#1835555).
Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774635).
Update Intel CPU microcode to microcode-20191115 release :
Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca
Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca
Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca
Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca
Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca
Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca
Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca
Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca
Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca.
Update Intel CPU microcode to microcode-20191113 release :
Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6.
Drop 0001-releasenote-changes-summary-fixes.patch.
Package the publicy available microcode-20191112 release (#1755021) :
Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d
Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c
Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16
Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151
Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065
Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c
Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32
Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release.
Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch).
Update README.caveats with the link to the new Knowledge Base article.
Fix the incorrect ‘Source2:’ tag.
Intel CPU microcode update to 20191112, addresses CVE-2017-5715, CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764049, #1764062, #1764953,
Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6
Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a
Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150
Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46
Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4
Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc to 0xd4
Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6
Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6
Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4 to 0xc6
Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6
Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6
Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6
Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6
Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6
Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4 to 0xc6
Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4 to 0xc6
Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6
Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6.
Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default (#1758382).
Revert more strict model check code, as it requires request_firmware-based microcode loading mechanism and breaks enabling of microcode with caveats.
Intel CPU microcode update to 20190918 (#1753540).
Intel CPU microcode update to 20190618 (#1717238).
Remove disclaimer, as it is not as important now to justify kmsg/log pollution its contents are partially adopted in README.caveats.
Intel CPU microcode update to 20190514a (#1711938).
Intel CPU microcode update to 20190507_Public_DEMO (#1697960).
Intel CPU microcode update to 20190312 (#1697960).
Fix disclaimer path in %post script.
Fix installation path for the disclaimer file.
Add README.caveats documentation file.
Use check_caveats from the RHEL 7 package in order to support overrides.
Disable 06-4f-01 microcode in config (#1622180).
Intel CPU microcode update to 20180807a (#1614427).
Add check for minimal microcode version to reload_microcode.
Intel CPU microcode update to 20180807.
Resolves: #1614427.
Intel CPU microcode update to 20180703
Add infrastructure for handling kernel-version-dependant microcode
Resolves: #1574593
Intel CPU microcode update to 20180613.
Resolves: #1573451
Update AMD microcode to 2018-05-24
Resolves: #1584192
Update AMD microcode
Resolves: #1574591
Update disclaimer text
Resolves: #1574588
Intel CPU microcode update to 20180425.
Resolves: #1574588
Revert Microcode from Intel and AMD for Side Channel attack
Resolves: #1533941
Update microcode data file to 20180108 revision.
Resolves: #1527354
Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
Add amd microcode_amd_fam17h.bin data file
Resolves: #1527354
Update microcode data file to 20170707 revision.
Resolves: #1465143
Revert microcode_amd_fam15h.bin to version from amd-ucode-2012-09-10
Resolves: #1322525
Update microcode data file to 20161104 revision.
Add workaround for E5-26xxv4
Resolves: #1346045
Update microcode data file to 20160714 revision.
Resolves: #1346045
Update amd microcode data file to amd-ucode-2013-11-07
Resolves: #1322525
Update microcode data file to 20151106 revision.
Resolves: #1244968
Remove bad file permissions on /lib/udev/rules.d/89-microcode.rules
Resolves: #1201276
Update microcode data file to 20150121 revision.
Resolves: #1123992
Update microcode data file to 20140624 revision.
Resolves: #1113394
Update microcode data file to 20140430 revision.
Resolves: #1036240
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2020-0026.
#
include('compat.inc');
if (description)
{
script_id(137739);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/06");
script_cve_id(
"CVE-2017-5715",
"CVE-2019-0117",
"CVE-2019-11135",
"CVE-2019-11139",
"CVE-2020-0543",
"CVE-2020-0548",
"CVE-2020-0549"
);
script_name(english:"OracleVM 3.3 / 3.4 : microcode_ctl (OVMSA-2020-0026) (Spectre)");
script_set_attribute(attribute:"synopsis", value:
"The remote OracleVM host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- update 06-2d-07 to 0x71a
- update 06-55-04 to 0x2006906
- update 06-55-07 to 0x5002f01
- merge Oracle changes for early load via dracut
- enable late load on install for UEK4 kernels marked safe
(except BDW-79)
- set early_microcode='no' in virtualized guests to avoid
early load bugs [Orabug: 30618737]
- Update Intel CPU microcode to microcode-20200602
release, addresses CVE-2020-0543, CVE-2020-0548,
CVE-2020-0549 (#1795353, #1795357, #1827186) :
- Update of 06-3c-03/0x32 (HSW C0) microcode from revision
0x27 up to 0x28
- Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from
revision 0x2e up to 0x2f
- Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from
revision 0x25 up to 0x26
- Update of 06-46-01/0x32 (HSW-H C0) microcode from
revision 0x1b up to 0x1c
- Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode
from revision 0x21 up to 0x22
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from
revision 0xd6 up to 0xdc
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from
revision 0x1000151 up to 0x1000157
- Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1)
microcode (in intel-06-55-04/intel-ucode/06-55-04) from
revision 0x2000065 up to 0x2006906
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from
revision 0x400002c up to 0x4002f01
- Update of 06-55-07/0xbf (CLX-SP B1) microcode from
revision 0x500002c up to 0x5002f01
- Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from
revision 0xd6 up to 0xdc
- Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from
revision 0xca up to 0xd6
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from
revision 0xca up to 0xd6
- Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from
revision 0xca up to 0xd6
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from
revision 0xca up to 0xd6
- Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U
V0) microcode from revision 0xca up to 0xd6
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0)
microcode from revision 0xca up to 0xd6
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode
from revision 0xca up to 0xd6
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from
revision 0xca up to 0xd6
- Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from
revision 0xca up to 0xd6
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from
revision 0xca up to 0xd6.
- Update Intel CPU microcode to microcode-20200520 release
(#1839193) :
- Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode
from revision 0x61f up to 0x621
- Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode
from revision 0x718 up to 0x71a
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from
revision 0x46 up to 0x78.
- Narrow down SKL-SP/W/X blacklist to exclude
Server/FPGA/Fabric segment models (#1835555).
- Do not update 06-55-04 (SKL-SP/W/X) to revision
0x2000065, use 0x2000064 by default (#1774635).
- Update Intel CPU microcode to microcode-20191115
release :
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4
up to 0xd6
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from
revision 0xd4 up to 0xd6
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision
0xc6 up to 0xca
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6
up to 0xca
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision
0xc6 up to 0xca
- Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up
to 0xca
- Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U
V0) from revision 0xc6 up to 0xca
- Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0)
from revision 0xc6 up to 0xca
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from
revision 0xc6 up to 0xca
- Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up
to 0xca
- Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision
0xc6 up to 0xca
- Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6
up to 0xca
- Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision
0xc6 up to 0xca.
- Update Intel CPU microcode to microcode-20191113
release :
- Update of 06-9e-0c (CFL-H/S P0) microcode from revision
0xae up to 0xc6.
- Drop 0001-releasenote-changes-summary-fixes.patch.
- Package the publicy available microcode-20191112 release
(#1755021) :
- Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at
revision 0x12d
- Addition of 06-55-06/0xbf (CSL-SP B0) microcode at
revision 0x400002c
- Addition of 06-7a-08/0x1 (GLK R0) microcode at revision
0x16
- Update of 06-55-03/0x97 (SKL-SP B1) microcode from
revision 0x1000150 up to 0x1000151
- Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1)
microcode from revision 0x2000064 up to 0x2000065
- Update of 06-55-07/0xbf (CSL-SP B1) microcode from
revision 0x500002b up to 0x500002c
- Update of 06-7a-01/0x1 (GLK B0) microcode from revision
0x2e up to 0x32
- Include 06-9e-0c (CFL-H/S P0) microcode from the
microcode-20190918 release.
- Correct the releasenote file
(0001-releasenote-changes-summary-fixes.patch).
- Update README.caveats with the link to the new Knowledge
Base article.
- Fix the incorrect 'Source2:' tag.
- Intel CPU microcode update to 20191112, addresses
CVE-2017-5715, CVE-2019-0117, CVE-2019-11135,
CVE-2019-11139 (#1764049, #1764062, #1764953,
- Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at
revision 0xc6
- Addition of 06-66-03/0x80 (CNL-U D0) microcode at
revision 0x2a
- Addition of 06-55-03/0x97 (SKL-SP B1) microcode at
revision 0x1000150
- Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at
revision 0x46
- Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from
revision 0xcc to 0xd4
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0)
microcode from revision 0xcc to 0xd4
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from
revision 0xb4 to 0xc6
- Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from
revision 0xb4 to 0xc6
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from
revision 0xb4 to 0xc6
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from
revision 0xb8 to 0xc6
- Update of 06-8e-0c/0x94 (AML-Y V0) microcode from
revision 0xb8 to 0xc6
- Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from
revision 0xb8 to 0xc6
- Update of 06-8e-0c/0x94 (WHL-U V0) microcode from
revision 0xb8 to 0xc6
- Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from
revision 0xb4 to 0xc6
- Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode
from revision 0xb4 to 0xc6
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode
from revision 0xb4 to 0xc6
- Update of 06-9e-0b/0x02 (CFL-S B0) microcode from
revision 0xb4 to 0xc6
- Update of 06-9e-0d/0x22 (CFL-H R0) microcode from
revision 0xb8 to 0xc6.
- Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718,
use 0x714 by default (#1758382).
- Revert more strict model check code, as it requires
request_firmware-based microcode loading mechanism and
breaks enabling of microcode with caveats.
- Intel CPU microcode update to 20190918 (#1753540).
- Intel CPU microcode update to 20190618 (#1717238).
- Remove disclaimer, as it is not as important now to
justify kmsg/log pollution its contents are partially
adopted in README.caveats.
- Intel CPU microcode update to 20190514a (#1711938).
- Intel CPU microcode update to 20190507_Public_DEMO
(#1697960).
- Intel CPU microcode update to 20190312 (#1697960).
- Fix disclaimer path in %post script.
- Fix installation path for the disclaimer file.
- Add README.caveats documentation file.
- Use check_caveats from the RHEL 7 package in order to
support overrides.
- Disable 06-4f-01 microcode in config (#1622180).
- Intel CPU microcode update to 20180807a (#1614427).
- Add check for minimal microcode version to
reload_microcode.
- Intel CPU microcode update to 20180807.
- Resolves: #1614427.
- Intel CPU microcode update to 20180703
- Add infrastructure for handling kernel-version-dependant
microcode
- Resolves: #1574593
- Intel CPU microcode update to 20180613.
- Resolves: #1573451
- Update AMD microcode to 2018-05-24
- Resolves: #1584192
- Update AMD microcode
- Resolves: #1574591
- Update disclaimer text
- Resolves: #1574588
- Intel CPU microcode update to 20180425.
- Resolves: #1574588
- Revert Microcode from Intel and AMD for Side Channel
attack
- Resolves: #1533941
- Update microcode data file to 20180108 revision.
- Resolves: #1527354
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and
06-55-04
- Add amd microcode_amd_fam17h.bin data file
- Resolves: #1527354
- Update microcode data file to 20170707 revision.
- Resolves: #1465143
- Revert microcode_amd_fam15h.bin to version from
amd-ucode-2012-09-10
- Resolves: #1322525
- Update microcode data file to 20161104 revision.
- Add workaround for E5-26xxv4
- Resolves: #1346045
- Update microcode data file to 20160714 revision.
- Resolves: #1346045
- Update amd microcode data file to amd-ucode-2013-11-07
- Resolves: #1322525
- Update microcode data file to 20151106 revision.
- Resolves: #1244968
- Remove bad file permissions on
/lib/udev/rules.d/89-microcode.rules
- Resolves: #1201276
- Update microcode data file to 20150121 revision.
- Resolves: #1123992
- Update microcode data file to 20140624 revision.
- Resolves: #1113394
- Update microcode data file to 20140430 revision.
- Resolves: #1036240");
script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000988.html");
script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000986.html");
script_set_attribute(attribute:"solution", value:
"Update the affected microcode_ctl package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0549");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-11135");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:microcode_ctl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"OracleVM Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"OVS3.3", reference:"microcode_ctl-1.17-33.26.0.1.el6_10")) flag++;
if (rpm_check(release:"OVS3.4", reference:"microcode_ctl-1.17-33.26.0.1.el6_10")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0549
oss.oracle.com/pipermail/oraclevm-errata/2020-June/000986.html
oss.oracle.com/pipermail/oraclevm-errata/2020-June/000988.html