SB2018072711 - Multiple vulnerabilities in QEMU QEMU
Published: July 27, 2018 Updated: July 17, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-4535)
The vulnerability allows a local authenticated user to execute arbitrary code.
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
2) Out-of-bounds read (CVE-ID: CVE-2017-2633)
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
Remediation
Install update from vendor's website.
References
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
- http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html
- http://rhn.redhat.com/errata/RHSA-2014-0743.html
- http://rhn.redhat.com/errata/RHSA-2014-0744.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1066401
- http://www.openwall.com/lists/oss-security/2017/02/23/1
- http://www.securityfocus.com/bid/96417
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1441
- https://access.redhat.com/errata/RHSA-2017:1856
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7
- https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef