nessus ORACLELINUX_ELSA-2019-4713.NASL
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Jul 15, 2019 - 12:00 a.m.

Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

www.tenable.com

CVSS2: 7.2 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.04 Low (Percentile: 92.1%)

Description of changes:

[15:3.1.0-5.el7]

  • Only enable the halt poll control MSR if it is supported by the host (Mark Kanda) [Orabug: 29946722]

[15:3.1.0-4.el7]

  • kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 29933278]
  • Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 (Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-9524}
  • pvrdma: release device resources in case of an error (Prasad J Pandit) [Orabug: 29056678] {CVE-2018-20123}
  • qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] {CVE-2019-12155}
  • target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
  • docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. Berrangé) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
  • target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
  • pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 29796676]
  • hw/i386/pc: run the multiboot loader before the PVH loader (Stefano Garzarella) [Orabug: 29796676]
  • optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 29796676]
  • hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
  • qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
  • optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
  • linuxboot_dma: move common functions in a new header (Stefano Garzarella) [Orabug: 29796676]
  • linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano Garzarella) [Orabug: 29796676]
  • pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) [Orabug: 29796676]
  • pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) [Orabug: 29796676]
  • pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 29796676]
  • elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
  • elf: Add optional function ptr to load_elf() to parse ELF notes (Liam Merwick) [Orabug: 29796676]
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4713.
#

include('compat.inc');

if (description)
{
  script_id(126673);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/10");

  script_cve_id(
    "CVE-2017-5931",
    "CVE-2017-6058",
    "CVE-2017-9524",
    "CVE-2018-12126",
    "CVE-2018-12127",
    "CVE-2018-12130",
    "CVE-2018-20123",
    "CVE-2019-11091",
    "CVE-2019-12155"
  );
  script_xref(name:"CEA-ID", value:"CEA-2019-0324");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Oracle Linux 7 : qemu (ELSA-2019-4713) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"Description of changes:

[15:3.1.0-5.el7]
- Only enable the halt poll control MSR if it is supported by the host (Mark
Kanda) [Orabug: 29946722]

[15:3.1.0-4.el7]
- kvm: i386: halt poll control MSR support (Marcelo Tosatti) [Orabug: 
29933278]
- Document CVEs as fixed: CVE-2017-9524, CVE-2017-6058, CVE-2017-5931 
(Mark Kanda) [Orabug: 29886908] {CVE-2017-5931} {CVE-2017-6058} 
{CVE-2017-9524}
- pvrdma: release device resources in case of an error (Prasad J Pandit) 
[Orabug: 29056678] {CVE-2018-20123}
- qxl: check release info object (Prasad J Pandit) [Orabug: 29886906] 
{CVE-2019-12155}
- target/i386: add MDS-NO feature (Paolo Bonzini) [Orabug: 29820428] 
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- docs: recommend use of md-clear feature on all Intel CPUs (Daniel P. 
Berrang&eacute ) [Orabug: 29820428] {CVE-2018-12126} {CVE-2018-12127} 
{CVE-2018-12130} {CVE-2019-11091}
- target/i386: define md-clear bit (Paolo Bonzini) [Orabug: 29820428] 
{CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091}
- pvh: block migration if booting using PVH (Liam Merwick) [Orabug: 
29796676]
- hw/i386/pc: run the multiboot loader before the PVH loader (Stefano 
Garzarella) [Orabug: 29796676]
- optionrom/pvh: load initrd from fw_cfg (Stefano Garzarella) [Orabug: 
29796676]
- hw/i386/pc: use PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- qemu.spec: add pvh.bin to %files (Liam Merwick) [Orabug: 29796676]
- optionrom: add new PVH option rom (Stefano Garzarella) [Orabug: 29796676]
- linuxboot_dma: move common functions in a new header (Stefano 
Garzarella) [Orabug: 29796676]
- linuxboot_dma: remove duplicate definitions of FW_CFG (Stefano 
Garzarella) [Orabug: 29796676]
- pvh: load initrd and expose it through fw_cfg (Stefano Garzarella) 
[Orabug: 29796676]
- pvh: Boot uncompressed kernel using direct boot ABI (Liam Merwick) 
[Orabug: 29796676]
- pvh: Add x86/HVM direct boot ABI header file (Liam Merwick) [Orabug: 
29796676]
- elf-ops.h: Add get_elf_note_type() (Liam Merwick) [Orabug: 29796676]
- elf: Add optional function ptr to load_elf() to parse ELF notes (Liam 
Merwick) [Orabug: 29796676]");
  script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2019-July/008891.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected qemu packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5931");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-gluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-block-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-kvm-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:qemu-system-x86-core");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-gluster-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-iscsi-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-block-rbd-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-common-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-img-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-kvm-core-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-system-x86-3.1.0-5.el7")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"qemu-system-x86-core-3.1.0-5.el7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu / qemu-block-gluster / qemu-block-iscsi / qemu-block-rbd / etc");
}

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| oracle | linux | qemu-system-x86 | p-cpe:/a:oracle:linux:qemu-system-x86 |
| oracle | linux | qemu-system-x86-core | p-cpe:/a:oracle:linux:qemu-system-x86-core |
| oracle | linux | 7 | cpe:/o:oracle:linux:7 |
| oracle | linux | qemu | p-cpe:/a:oracle:linux:qemu |
| oracle | linux | qemu-block-gluster | p-cpe:/a:oracle:linux:qemu-block-gluster |
| oracle | linux | qemu-block-iscsi | p-cpe:/a:oracle:linux:qemu-block-iscsi |
| oracle | linux | qemu-block-rbd | p-cpe:/a:oracle:linux:qemu-block-rbd |
| oracle | linux | qemu-common | p-cpe:/a:oracle:linux:qemu-common |
| oracle | linux | qemu-img | p-cpe:/a:oracle:linux:qemu-img |
| oracle | linux | qemu-kvm | p-cpe:/a:oracle:linux:qemu-kvm |