Amazon Linux AMI update for qemu-kvm



| Updated: 2018-06-12
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2017-15268
CVE-2018-5683
CVE-2018-3639
CVE-2017-13711
CVE-2017-15124
CVE-2018-7858
CVE-2017-13672
CWE-ID CWE-401
CWE-125
CWE-362
CWE-416
CWE-789
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Amazon Linux AMI
Operating systems & Components / Operating system

Vendor Amazon Web Services

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Memory leak

EUVDB-ID: #VU12163

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-15268

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoІ condition on the target system.

The weakness exists in io/channel-websock.c due to memory leak in slow data-channel read operations. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU10941

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5683

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent low-privileged attacker to cause DoS condition on the target system.

The weakness exists in the vga_draw_text function due to out-of-bounds read. A remote attacker can leverage improper memory address validation, trigger memory error and cause QEMU process to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Speculative Store Bypass

EUVDB-ID: #VU12911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-3639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU11819

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13711

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in the Slirp networking implementation due to use-after-free error when a Socket referenced from multiple packets is freed while responding to a message.  An adjacent attacker can cause the service to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory allocation

EUVDB-ID: #VU11232

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-15124

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to uncontrolled memory allocation when not throttling the framebuffer updates sent to the client. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU11134

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-7858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to improper VGA display updates. An adjacent attacker can use incorrect region calculations during VGA display updates, trigger out-of-bounds read and cause the service to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU11644

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13672

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read. An adjacent attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

src:
    qemu-kvm-1.5.3-156.8.amzn1.src

x86_64:
    qemu-kvm-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-tools-1.5.3-156.8.amzn1.x86_64
    qemu-img-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-debuginfo-1.5.3-156.8.amzn1.x86_64
    qemu-kvm-common-1.5.3-156.8.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

CPE2.3 External links

https://alas.aws.amazon.com/ALAS-2018-1034.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###