OpenSUSE Linux update for qemu
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-11806 CVE-2018-12617 CVE-2018-3639 |
| CWE-ID | CWE-122 CWE-190 CWE-362 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU13375
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-11806
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow when insufficient input and validation checking of Slirp networking back-end processes by the m_cat function, as defined in the slirp/mbuf.c source code file. A remote attacker can send malformed, fragmented packets, trigger memory corruption and cause the QEMU process to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-11/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU14116
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-12617
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer overflow in qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent). A remote attacker can send a specially crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket, cause a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk and cause the service to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-11/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Speculative Store Bypass
EUVDB-ID: #VU12911
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3639
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
Update the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-11/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
