Multiple vulnerabilities in Oracle VM Server



Published: 2020-07-15
Risk Low
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2020-0548
CVE-2020-0549
CVE-2017-16538
CVE-2019-15214
CVE-2019-19533
CVE-2019-19534
CVE-2019-19536
CVE-2020-0543
CVE-2017-15289
CVE-2017-18030
CWE-ID CWE-200
CWE-284
CWE-416
CWE-787
CWE-125
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
Oracle VM Server for x86
Server applications / Other server solutions

Vendor Oracle

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU24688

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0548

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleanup errors. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.3 - 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU24689

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0549

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleanup errors in some data cache evictions. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.3 - 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU9164

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16538

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the drivers/media/usb/dvb-usb-v2/lmedm04.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU20815

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15214

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists in the Advanced Linux Sound Architecture (ALSA) subsystem in "sound/core/init.c" and "sound/core/info.c" due to the card disconnection causes certain data structures to be deleted too early. A local authenticated user with physical access to the system can exploit this vulnerability to cause a denial of service (system crash) or possibly execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU24450

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19533

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an info-leak bug in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver. A local user with physical access can use a malicious USB device and gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU29946

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19534

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the USB driver in drivers/net/can/usb/peak_usb/pcan_usb_core.c driver. A local use can use a specially crafted USB devices to gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU29947

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19536

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in drivers/net/can/usb/peak_usb/pcan_usb_pro.c USB driver. A local user can use a specially crafted USB device to gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU28928

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0543

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to incomplete cleanup from specific special register read operations in some Intel(R) Processors. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.3 - 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU11790

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15289

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to cause DoS condition on the target system.

The weakness exists in the mode4and5 write functions in hw/display/cirrus_vga.c due to out-of-bounds write. An adjacent attacker can trigger memory corruption and cause the service to crash via vectors related to dst calculation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU10940

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18030

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in the cirrus_invalidate_region function in hw/display/cirrus_vga.c due to out-of-bounds read. A remote attacker can use vectors related to negative pitch, trigger memory error and cause QEMU process to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.4

External links

http://www.oracle.com/security-alerts/ovmbulletinjul2020.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###