No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions
 

Oracle VM Server for x86 Bulletin - July 2021

 

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ovm-bulletin-pad

 

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 19 October 2021
  • 18 January 2022
  • 19 April 2022
  • 19 July 2022

References

 

Modification History

Date Note
2021-September-21 Rev 3. New CVEs added
2021-August-18 Rev 2. New CVEs added
2021-July-20 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 8 new security patches for the Oracle VM Server for x86.

Oracle VM Server for x86 Risk Matrix

Revision 3: Published on 2021-09-21

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-9458 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 3
CVE-2021-3609 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 3
CVE-2019-9456 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 3
CVE-2020-0305 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.4 Local High High None Unchanged High High High 3
CVE-2020-0429 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.4 Local High High None Unchanged High High High 3
CVE-2020-28097 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.2 Local Low None None Unchanged None None High 3
CVE-2020-27068 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.4 Local Low High None Unchanged High None None 3
CVE-2021-34693 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.0 Local Low None None Unchanged Low None None 3

Revision 2: Published on 2021-08-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2021-22555 Oracle VM Server for x86 Unbreakable Enterprise kernel No 8.3 Local High None None Changed High High High 3
CVE-2021-32399 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 3
CVE-2021-33909 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.0 Local High Low None Unchanged High High High 3
CVE-2020-14304 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.4 Local Low High None Unchanged High None None 3

Revision 1: Published on 2021-07-20

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2021-27219 Oracle VM Server for x86 glib2 Yes 9.8 Network Low None None Unchanged High High High 3
CVE-2021-25217 Oracle VM Server for x86 dhcp No 8.8 Local Low None None Unchanged High High High 3
CVE-2021-33034 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 3
CVE-2021-28692 Oracle VM Server for x86 xen No 7.1 Local Low Low None Unchanged High None High 3
CVE-2020-36386 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 3
CVE-2021-31916 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 3
CVE-2021-0089 Oracle VM Server for x86 xen No 6.5 Local Low Low None Changed High None None 3
CVE-2021-28690 Oracle VM Server for x86 xen No 6.5 Network Low Low None Unchanged High None None 3
CVE-2021-26313 Oracle VM Server for x86 xen No 5.5 Local Low Low None Unchanged High None None 3
CVE-2020-12352 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.3 Local High None None Unchanged High None None 3