Oracle VM Server for x86 Bulletin - April 2024

 

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Third Party Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ovm-bulletin-pad

 

Third Party Bulletin Schedule

Third Party Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:

  • 16 July 2024
  • 15 October 2024
  • 21 January 2025
  • 15 April 2025

References

 

Modification History

Date Note
2024-April-16 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 3 new security patches for the Oracle VM Server for x86.

Oracle VM Server for x86 Risk Matrix

Revision: 1 Published on 2024-04-16

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2024-1086 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 3
CVE-2023-45863 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.4 Local High High None Unchanged High High High 3
CVE-2023-39194 Oracle VM Server for x86 Unbreakable Enterprise kernel No 3.2 Local Low High None Changed Low None None 3