No results found

Your search did not match any results.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.
Trending Questions
 

Oracle VM Server for x86 Bulletin - October 2021

 

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ovm-bulletin-pad

 

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 18 January 2022
  • 19 April 2022
  • 19 July 2022
  • 18 October 2022

References

 

Modification History

Date Note
2021-November-16 Rev 2. New CVEs added
2021-October-19 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 4 new security patches for the Oracle VM Server for x86.

Oracle VM Server for x86 Risk Matrix

Revision 2: Published on 2021-11-16

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2018-1000026 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.7 Network Low Low None Changed None None High 3
CVE-2019-10207 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 3
CVE-2019-19813 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.5 Local Low None Required Unchanged None None High 3
CVE-2021-3564 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged None None High 3

Revision 1: Published on 2021-10-19

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2018-1000026 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.7 Network Low Low None Changed None None High 3
CVE-2019-10207 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 3
CVE-2019-19813 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.5 Local Low None Required Unchanged None None High 3
CVE-2021-3564 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged None None High 3

Revision 1: Published on 2021-10-19

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2019-10220 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 8.8 Network Low None Required Unchanged High High High 3
CVE-2021-28701 Oracle VM Server for x86 xen No 7.8 Local High Low None Changed High High High 3
CVE-2019-19074 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 7.5 Network Low None None Unchanged None None High 3
CVE-2021-28694 Oracle VM Server for x86 xen No 6.8 Local Low None None Unchanged High High High 3
CVE-2021-28697 Oracle VM Server for x86 xen No 6.8 Local Low None None Unchanged Low None High 3
CVE-2018-9517 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 3
CVE-2021-28698 Oracle VM Server for x86 xen No 6.2 Local Low None None Unchanged None None High 3
CVE-2021-28695 Oracle VM Server for x86 xen No 5.9 Local Low None None Unchanged Low Low Low 3
CVE-2021-28696 Oracle VM Server for x86 xen No 5.9 Local Low None None Unchanged Low Low Low 3
CVE-2017-18216 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 3
CVE-2020-12771 Oracle VM Server for x86 Unbreakable Enterprise kernel No 5.1 Local High None None Unchanged None None High 3
CVE-2019-19066 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged None None High 3
CVE-2019-3901 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.7 Local High Low None Unchanged High None None 3
CVE-2019-19063 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.6 Local Low None None Unchanged None None High 3