SB2017022105 - Gentoo update for QEMU

Published: February 21, 2017 Updated: February 21, 2017

Security Bulletin ID: SB2017022105
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

High 9% Medium 64% Low 27%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Memory leak (CVE-ID: CVE-2016-10155)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator), which allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. A remote attacker can perform a denial of service attack.


2) Out-of-bounds read (CVE-ID: CVE-2017-2615)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

Quick Emulator (QEMU) built with Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It can occur while copying VGA data via a bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process.


3) Memory leak (CVE-ID: CVE-2017-5525)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator), which allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. A remote attacker can perform a denial of service attack.


4) Memory leak (CVE-ID: CVE-2017-5552)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator), which allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. A remote attacker can perform a denial of service attack.


5) Memory leak (CVE-ID: CVE-2017-5578)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator), which allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. A remote attacker can perform a denial of service attack.


6) Memory leak (CVE-ID: CVE-2017-5579)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator), which allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. A remote attacker can perform a denial of service attack.


7) Out-of-bounds read (CVE-ID: CVE-2017-5667)

The vulnerability allows a local authenticated user to crash the entire system.

The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.


8) Memory leak (CVE-ID: CVE-2017-5856)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator), which allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 GB. A remote attacker can perform a denial of service attack.


9) Memory leak (CVE-ID: CVE-2017-5857)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator), which allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. A remote attacker can perform a denial of service attack.


10) Integer overflow (CVE-ID: CVE-2017-5898)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c due to an integer overflow when QEMU is built with CCID Card device emulator support. A local attacker can cause the service to crash via a large Application Protocol Data Unit (APDU).


11) Heap-based buffer overflow (CVE-ID: CVE-2017-5931)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) that leads to a boundary error. A remote attacker can use a crafted virtio-crypto request to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.