OpenSUSE Linux update for qemu

Published: 2018-12-17

Risk	Low
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2018-10839 CVE-2018-15746 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849
CWE-ID	CWE-190 CWE-20 CWE-120 CWE-125
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Opensuse Operating systems & Components / Operating system
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU15995

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10839

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow when built with the NE2000 NIC emulation support. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU16553

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in qemu-seccomp.c due to an error when processing malicious input. An adjacent attacker can leverage mishandling of the seccomp policy for threads other than the main thread and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU16554

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17958

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to a boundary error in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. An adjacent attacker can trigger integer overflow and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU15996

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17962

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow in pcnet_receive in hw/net/pcnet.c when an incorrect integer data type is used. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU15997

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17963

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow when qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU16555

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18849

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to message length value in 'msg_len' could be invalid due to an invalid migration stream while writing a message in 'lsi_do_msgin'. An adjacent attacker can trigger out-of-bounds read and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

CPE2.3

cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.