PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3276 Oracle CVE debrief

CVE-2017-3276 affects Oracle Solaris 11.3 in the Kernel Zones virtualized block driver. According to NVD, exploitation is difficult and requires local access with high privileges, but successful attacks can lead to unauthorized creation, deletion, or modification of critical data, as well as repeated hangs or crashes. The CVSS v3.0 base score is 5.7 (medium), with integrity and availability impact only.

Vendor: Oracle
Product: CVE-2017-3276
CVSS: MEDIUM 5.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for Oracle Solaris 11.3 systems, especially environments that use Kernel Zones virtualization or delegate high-privilege local access.

Technical summary

NVD maps the issue to cpe:2.3:o:oracle:solaris:11.3 and gives the vector CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H. The vulnerability is described as being in the Solaris component of Oracle Sun Systems Products Suite, specifically the Kernel Zones virtualized block driver. The impact is limited to integrity and availability; confidentiality is not listed as affected in the NVD vector.

Defensive priority

Medium. Patch during the normal maintenance cycle, but treat it as higher priority on Solaris 11.3 systems that rely on Kernel Zones or that permit broad high-privilege local access.

Recommended defensive actions

  • Apply the Oracle CPU January 2017 fix referenced by NVD for this issue.
  • Inventory Solaris 11.3 systems and confirm whether Kernel Zones are in use.
  • Limit and review high-privilege local access on affected systems.
  • Monitor for unexpected Solaris hangs, crashes, or unexplained data modification events.
  • Validate system stability after patching, especially on hosts running virtualization workloads.

Evidence notes

Evidence is limited to the NVD CVE record and the Oracle CPU January 2017 advisory reference included there. NVD describes the affected product as Oracle Solaris 11.3 and provides the CVSS v3.0 vector AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H. The NVD references include Oracle's advisory (cpujan2017-2881727) and external tracking entries, but no additional technical detail was supplied in the corpus.

Official resources

CVE published on 2017-01-27 and last modified on 2026-05-13 in the supplied NVD record. The vendor advisory referenced by NVD is Oracle CPU January 2017 (cpujan2017-2881727).