Multiple vulnerabilities in Oracle VM Server for x86



| Updated: 2023-11-23
Risk Medium
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2022-48174
CVE-2022-34918
CVE-2023-35001
CVE-2023-3611
CVE-2023-3776
CVE-2023-40283
CVE-2023-2513
CVE-2023-4387
CVE-2023-4459
CVE-2023-4206
CVE-2023-4208
CVE-2023-22024
CVE-2023-3772
CWE-ID CWE-787
CWE-843
CWE-416
CWE-415
CWE-476
CWE-20
Exploitation vector Network
Public exploit Vulnerability #2 is being exploited in the wild.
Public exploit code for vulnerability #3 is available.
Vulnerable software
 Oracle VM Server for x86
Server applications / Other server solutions

Vendor Oracle

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU80391

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-48174

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input ash.c. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type Confusion

EUVDB-ID: #VU65360

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2022-34918

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Out-of-bounds write

EUVDB-ID: #VU78326

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-35001

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU76455

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2513

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Double Free

EUVDB-ID: #VU80796

Risk: Low

CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4387

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can  trigger a double free error and gain access to sensitive information or crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU80797

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4459

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU80580

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4206

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_route component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU80586

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4208

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the cls_u32 component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU80902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-22024

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local user can pass specially crafted input to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU80578

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Oracle VM Server for x86: 3.2 - 3.4

CPE2.3 External links

https://www.oracle.com/security-alerts/ovmbulletinoct2023.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###