SUSE Linux update for kvm

Published: 2018-01-04

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2017-2633 CVE-2017-5715
CWE-ID	CWE-125 CWE-200
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #2 is available.
Vulnerable software	SUSE Linux Operating systems & Components / Operating system
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU31252

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-2633

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

CPE2.3

cpe:2.3:o:suse:suse_linux:11:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

CPE2.3

cpe:2.3:o:suse:suse_linux:11:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.