SB2019082235 - Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3 update for qemu-kvm-rhev 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019082235

SB2019082235 - Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 4.3 update for qemu-kvm-rhev

Published: August 22, 2019

Security Bulletin ID SB2019082235
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 11% Low 89%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-12126)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


2) Information disclosure (CVE-ID: CVE-2018-12127)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


3) Information disclosure (CVE-ID: CVE-2018-12130)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


4) Integer overflow (CVE-ID: CVE-2018-17958)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to a boundary error in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. An adjacent attacker can trigger integer overflow and cause the service to crash.


5) Buffer overflow (CVE-ID: CVE-2018-17963)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow when qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.


6) Buffer overflow (CVE-ID: CVE-2018-20815)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the deprecated "load_image" function, as defined in the "device_tree.c" file. A remote attacker can submit a large image file to the affected system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Information disclosure (CVE-ID: CVE-2019-11091)

The vulnerability allows a local authenticated user to gain access to sensitive information.

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf


8) Buffer overflow (CVE-ID: CVE-2019-6501)

The vulnerability allows a local user to perform denial of service attack.

The vulnerability exists due to a boundary error within the scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c. A local user can create a specially crafted application, trigger buffer overflow and crash the affected emulator.


9) Memory leak (CVE-ID: CVE-2019-9824)

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due memory leak within the SLiRP networking implementation. A local user can read uninitialised stack memory contents.


Remediation

Install update from vendor's website.

References