#VU359 Race condition in Oracle VM Server for x86 and Oracle Linux
Vulnerability identifier: #VU359
Vulnerability risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Oracle VM Server for x86
Server applications /
Other server solutions
Oracle Linux
Operating systems & Components /
Operating system
Vendor: Oracle
Description
The vulnerability allows local users to provoke a denial of service.
The vulnerability exists due to parafunction of ioctl_send_fib. By altering "double fetch" vulnerability, a local user can provoke a denial of service.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service
Vulnerable software versions
Oracle VM Server for x86: 3.2 - 3.4
Oracle Linux: 5 - 7
External links
http://www.securityfocus.com/archive/1/539074/30/0/threaded
http://bugzilla.redhat.com/show_bug.cgi?id=1362466
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
