No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions

Oracle VM Server for x86 Bulletin - January 2020


Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin security patches as soon as possible.


Patch Availability

Please see ULN Advisory https://linux.oracle.com/ovm-bulletin-pad


Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 April 2020
  • 14 July 2020
  • 20 October 2020
  • 19 January 2021

References


Modification History

Date Note
2020-March-17 Rev 3. New CVEs added.
2020-February-18 Rev 2. New CVEs added.
2020-January-14 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 18 new security patches for the Oracle VM Server for x86.  7 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

 

Oracle VM Server for x86 Risk Matrix

Revision 3: Published on 2020-03-17

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-14901 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 9.8 Network Low None None Unchanged High High High 3.4
CVE-2020-7039 Oracle VM Server for x86 qemu-kvm Yes 9.8 Network Low None None Unchanged High High High 3.4
CVE-2019-14378 Oracle VM Server for x86 qemu-kvm No 8.8 Network Low Low None Unchanged High High High 3.4
CVE-2019-18634 Oracle VM Server for x86 sudo No 7.8 Local Low Low None Unchanged High High High 3.3,3.4
CVE-2019-15890 Oracle VM Server for x86 qemu-kvm Yes 7.5 Network Low None None Unchanged None None High 3.4
CVE-2019-19583 Oracle VM Server for x86 xen Yes 7.5 Network Low None None Unchanged None None High 3.4
CVE-2019-19577 Oracle VM Server for x86 xen No 7.2 Physical Low High None Changed High High High 3.4
CVE-2019-18424 Oracle VM Server for x86 xen No 6.8 Physical Low None None Unchanged High High High 3.4
CVE-2019-11135 Oracle VM Server for x86 xen No 6.5 Local Low Low None Changed High None None 3.4
CVE-2017-5753 Oracle VM Server for x86 xen No 5.6 Local High Low None Changed High None None 3.4
CVE-2018-3620 Oracle VM Server for x86 xen No 5.6 Local High Low None Changed High None None 3.4
CVE-2018-3646 Oracle VM Server for x86 xen No 5.6 Local High Low None Changed High None None 3.4
CVE-2019-15291 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.6 Physical Low None None Unchanged None None High 3.4
CVE-2020-2732 Oracle VM Server for X86 Unbreakable Enterprise kernel Undefined 3.4

Revision 2: Published on 2020-02-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-17666 Oracle VM Server for x86 Unbreakable Enterprise kernel No 8.8 Adjacent network Low None None Unchanged High High High 3.4
CVE-2019-19332 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.1 Local Low Low None Unchanged None Low High 3.4

Revision 1: Published on 2020-01-14

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2015-9381 Oracle VM Server for x86 freetype Yes 8.8 Network Low None Required Unchanged High High High 3.3,3.4
CVE-2015-9382 Oracle VM Server for x86 freetype Yes 6.5 Network Low None Required Unchanged None None High 3.3,3.4