Errata ALT-PU-2017-2175-1: Information
Fixes
Published: April 28, 2017
BDU:2017-01782
Уязвимость компонента audio.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.8)
Links:
Published: June 11, 2017
BDU:2017-01803
Уязвимость в qemu-nbd эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
Links:
Published: April 24, 2017
BDU:2017-02081
Уязвимость функции megasas_mmio_write эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю оказать неопределенное воздействие
Severity: HIGH (7.5)
Links:
Published: Oct. 4, 2017
BDU:2018-00025
Уязвимость функции v9fs_xattrwalk (hw/9pfs/9p.c) эмулятора аппаратного обеспечения Qemu, позволяющая нарушителю получить конфиденциальную информацию из памяти хостовой операционной системы
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: June 24, 2017
BDU:2021-01313
Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Aug. 2, 2017
Modified: Aug. 4, 2021
Modified: Aug. 4, 2021
CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE
- https://bugzilla.redhat.com/show_bug.cgi?id=1466190
- 99513
- [oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
- DSA-3920
- RHSA-2017:3474
- RHSA-2017:3473
- RHSA-2017:3472
- RHSA-2017:3471
- RHSA-2017:3470
- RHSA-2017:3466
- RHSA-2017:2445
- RHSA-2017:2390
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
Published: Aug. 2, 2017
Modified: Nov. 10, 2020
Modified: Nov. 10, 2020
CVE-2017-10806
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data
- https://bugzilla.redhat.com/show_bug.cgi?id=1468496
- 99475
- [oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging
- DSA-3925
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: Aug. 2, 2017
Modified: Nov. 10, 2020
Modified: Nov. 10, 2020
CVE-2017-11334
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram
- https://bugzilla.redhat.com/show_bug.cgi?id=1471638
- [oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation
- 99895
- DSA-3925
- RHSA-2017:3369
- RHSA-2017:3474
- RHSA-2017:3473
- RHSA-2017:3472
- RHSA-2017:3471
- RHSA-2017:3470
- RHSA-2017:3466
- USN-3575-1
Published: July 25, 2017
Modified: Nov. 10, 2020
Modified: Nov. 10, 2020
CVE-2017-11434
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end
- https://bugzilla.redhat.com/show_bug.cgi?id=1472611
- [oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options
- 99923
- DSA-3925
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: Aug. 23, 2017
Modified: Nov. 10, 2020
Modified: Nov. 10, 2020
CVE-2017-12809
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: Aug. 29, 2017
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2017-13673
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
- 100527
- [oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update
- RHSA-2018:1104
- RHSA-2018:1113
- openSUSE-SU-2019:1074
- https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d
Published: Oct. 10, 2017
Modified: Sept. 7, 2018
Modified: Sept. 7, 2018
CVE-2017-15038
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
Severity: MEDIUM (5.6) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Links:
Published: May 17, 2017
Modified: Oct. 23, 2020
Modified: Oct. 23, 2020
CVE-2017-7493
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
- https://bugzilla.redhat.com/show_bug.cgi?id=1451709
- [oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode
- 98574
- GLSA-201706-03
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: May 2, 2017
Modified: Sept. 10, 2020
Modified: Sept. 10, 2020
CVE-2017-8112
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- [qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation
- https://bugzilla.redhat.com/show_bug.cgi?id=1445621
- 98015
- [oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
- GLSA-201706-03
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: May 23, 2017
Modified: Aug. 4, 2021
Modified: Aug. 4, 2021
CVE-2017-8309
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 23, 2017
Modified: Aug. 4, 2021
Modified: Aug. 4, 2021
CVE-2017-8379
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: Aug. 28, 2017
Modified: Sept. 6, 2017
Modified: Sept. 6, 2017
CVE-2017-8380
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 17, 2017
Modified: Nov. 10, 2020
Modified: Nov. 10, 2020
CVE-2017-9503
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas
- [qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once
- https://bugzilla.redhat.com/show_bug.cgi?id=1459477
- [oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command
- 99010
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
Published: July 6, 2017
Modified: Oct. 29, 2020
Modified: Oct. 29, 2020
CVE-2017-9524
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan
- [qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation
- [oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
- 99011
- DSA-3925
- RHSA-2017:2408
- RHSA-2017:1682
- RHSA-2017:1681