Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2022-0011.NASL
HistoryApr 05, 2022 - 12:00 a.m.

OracleVM 3.4 : kernel-uek (OVMSA-2022-0011)

2022-04-0500:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

The remote OracleVM system is missing necessary patches to address security updates:

  • An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session. (CVE-2020-36516)

  • A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)

  • A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)

  • A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)

  • An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were
# extracted from OracleVM Security Advisory OVMSA-2022-0011.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159525);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/06");

  script_cve_id(
    "CVE-2020-36516",
    "CVE-2021-3772",
    "CVE-2021-20322",
    "CVE-2022-0330",
    "CVE-2022-26966"
  );

  script_name(english:"OracleVM 3.4 : kernel-uek (OVMSA-2022-0011)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OracleVM host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote OracleVM system is missing necessary patches to address security updates:

  - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the
    hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session
    or terminate that session. (CVE-2020-36516)

  - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux
    kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an
    off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this
    vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source
    port randomization are indirectly affected as well. (CVE-2021-20322)

  - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP
    association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and
    the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)

  - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the
    way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or
    escalate their privileges on the system. (CVE-2022-0330)

  - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to
    obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/cve/CVE-2020-36516.html");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/cve/CVE-2021-20322.html");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/cve/CVE-2021-3772.html");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/cve/CVE-2022-0330.html");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/cve/CVE-2022-26966.html");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/OVMSA-2022-0011.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel-uek / kernel-uek-firmware packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3772");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-0330");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"OracleVM Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['4.1.12-124.61.2.el6uek'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0011');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '4.1';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-uek-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},
    {'reference':'kernel-uek-firmware-4.1.12-124.61.2.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');
}
VendorProductVersionCPE
oraclevmkernel-uekp-cpe:/a:oracle:vm:kernel-uek
oraclevmkernel-uek-firmwarep-cpe:/a:oracle:vm:kernel-uek-firmware
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

oraclelinux 5
nessus 77
debiancve 5
prion 5
ubuntucve 5
redhatcve 5
veracode 5
cve 5
cnvd 2
cbl_mariner 6
openvas 23
fedora 3
osv 5
photon 7
mageia 4
redhat 17
f5 1
ibm 3
trellix 2
virtuozzo 1
amazon 4
suse 3
ubuntu 3
cloudfoundry 1
rocky 2
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2022-04-05 00:00:00
Unbreakable Enterprise kernel-container security update
2022-04-25 00:00:00
Unbreakable Enterprise kernel security update
2022-04-25 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9260)
2022-04-05 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:4057-1)
2021-12-15 00:00:00
SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SLE 15) (SUSE-SU-2022:3064-1)
2022-09-06 00:00:00
debiancve
debiancve
CVE-2020-36516
2022-02-26 04:15:00
CVE-2022-26966
2022-03-12 22:15:00
CVE-2021-20322
2022-02-18 18:15:00
prion
prion
Design/Logic Flaw
2022-02-26 04:15:00
Design/Logic Flaw
2022-02-18 18:15:00
Design/Logic Flaw
2022-03-12 22:15:00
ubuntucve
ubuntucve
CVE-2020-36516
2022-02-26 00:00:00
CVE-2021-20322
2021-10-19 00:00:00
CVE-2022-26966
2022-03-12 00:00:00
redhatcve
redhatcve
CVE-2020-36516
2022-03-02 11:24:33
CVE-2022-26966
2022-03-14 09:17:00
CVE-2022-0330
2022-01-25 20:22:25
veracode
veracode
Spoofing Attack
2023-01-28 00:46:14
Denial Of Service (DoS)
2022-02-08 17:16:04
Heap-Based Buffer Overflow
2022-05-14 20:55:00
cve
cve
CVE-2020-36516
2022-02-26 04:15:00
CVE-2021-20322
2022-02-18 18:15:00
CVE-2022-26966
2022-03-12 22:15:00
cnvd
cnvd
Linux kernel has unspecified vulnerabilities (CNVD-2022-17770)
2022-03-01 00:00:00
Linux kernel buffer overflow vulnerability (CNVD-2022-68570)
2022-01-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20322 affecting package kernel 5.10.189.1-1
2022-03-10 23:47:45
CVE-2022-26966 affecting package kernel 5.10.189.1-1
2022-05-12 02:17:02
CVE-2022-26966 affecting package kernel 5.15.153.1-2
2022-04-09 06:52:47
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:4057-1)
2021-12-15 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2022-48acd4718d)
2022-02-02 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2022-a39015bec2)
2022-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.15.18-100.fc34
2022-02-02 01:16:21
[SECURITY] Fedora 35 Update: kernel-5.15.18-200.fc35
2022-02-01 01:13:23
[SECURITY] Fedora 35 Update: kernel-5.14.16-301.fc35
2021-11-06 01:28:25
osv
osv
CVE-2022-0330
2022-03-25 19:15:10
CVE-2021-3772
2022-03-02 23:15:09
linux, linux-aws, linux-aws-hwe, linux-azure, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-02-03 05:48:15
photon
photon
Important Photon OS Security Update - PHSA-2022-0499
2022-07-23 00:00:00
Important Photon OS Security Update - PHSA-2022-0148
2022-01-26 00:00:00
Important Photon OS Security Update - PHSA-2022-0433
2022-01-25 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-02-01 18:26:02
Updated kernel packages fix security vulnerabilities
2022-02-01 18:26:02
Updated kernel packages fix security vulnerabilities
2021-11-11 18:02:40
redhat
redhat
(RHSA-2022:1106) Important: kernel security update
2022-03-29 08:22:25
(RHSA-2022:0712) Important: kernel security update
2022-03-01 11:48:27
(RHSA-2022:0718) Important: kpatch-patch security update
2022-03-01 11:49:37
f5
f5
K30914425 : Linux vulnerabilities CVE-2022-0330 and CVE-2022-22942
2022-04-19 00:00:00
ibm
ibm
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2021-12-06 10:35:06
Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System
2022-08-29 11:08:07
Security Bulletin: IBM DataPower Gateway vulnerable to network state information leakage (CVE-2021-20322, CVE-2021-45485, CVE-2021-45486)
2022-12-16 21:16:31
trellix
trellix
The Bug Report November 2021 Edition
2021-11-30 00:00:00
The Bug Report November 2021 Edition
2021-11-30 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 146.1 for Virtuozzo Hybrid Server 7.5
2022-08-22 00:00:00
amazon
amazon
Medium: kernel
2021-12-08 02:23:00
Important: kernel
2022-02-04 23:24:00
Important: kernel
2023-02-17 00:02:00
suse
suse
Security update for the Linux Kernel (important)
2021-12-06 00:00:00
Security update for the Linux Kernel (important)
2021-11-24 00:00:00
Security update for the Linux Kernel (important)
2021-11-25 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-02-03 00:00:00
Linux kernel (HWE) vulnerabilities
2022-02-18 00:00:00
Linux kernel vulnerabilities
2022-02-22 00:00:00
cloudfoundry
cloudfoundry
USN-5268-1: Linux kernel vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-03-11 02:24:05
kernel security, bug fix, and enhancement update
2022-03-11 02:26:54
JSON
Related for ORACLEVM_OVMSA-2022-0011.NASL
oraclelinux5nessus77debiancve5prion5ubuntucve5redhatcve5veracode5cve5cnvd2cbl_mariner6openvas23fedora3osv5photon7mageia4redhat17f51ibm3trellix2virtuozzo1amazon4suse3ubuntu3cloudfoundry1rocky2