Bug 1135902 (CVE-2019-12155)

Summary: VUL-1: CVE-2019-12155: kvm,qemu: null pointer dereference while releasing spice resources
Product: [Novell Products] SUSE Security Incidents Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: lyan, smash_bz, wolfgang.frisch
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/233401/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1135905
Whiteboard: CVSSv2:NVD:CVE-2019-12155:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2019-12155:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2019-12155:3.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L) CVSSv3:SUSE:CVE-2019-12155:3.8:(AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2019-05-22 11:36:32 UTC 
CVE-2019-12155

A null pointer dereference issue was found the QXL VGA card emulator
of QEMU. It could occur while releasing resources allocated for a
SPICE server thread in interface_release_resources().

A guest user could use this flaw to crash the QEMU process resulting
in DoS scenario.

Upstream patch:
---------------
  -> https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/05/22/1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1712670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12155
http://seclists.org/oss-sec/2019/q2/122
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
Comment 1 Alexandros Toptsoglou 2019-05-22 11:41:24 UTC 
For kvm:
SLE11-SP1 --> Not affected
SLE11-SP3 --> affected 
SLE11-SP4 (LTSS) --> affected

For qemu: 
SLE11 --> Not affected
SLE12,SLE12-SP1,2,3,4 --> affected
SLE15 --> affected
Comment 2 Liang Yan 2019-07-25 20:30:11 UTC 
Backport have been merged into our SLE11 SP3-SP4
                                   SLE12 GA-SP4
                                   SLE15 GA-SP1
                                   Virt
Comment 7 Swamp Workflow Management 2019-08-21 19:12:58 UTC 
SUSE-SU-2019:2192-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1128106,1133031,1134883,1135210,1135902,1136540,1136778,1138534,1140402,1143794,1144087
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378,CVE-2019-5008
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    qemu-3.1.1-9.3.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    qemu-3.1.1-9.3.3, qemu-linux-user-3.1.1-9.3.2, qemu-testsuite-3.1.1-9.3.4
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    qemu-3.1.1-9.3.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-08-21 19:15:09 UTC 
SUSE-SU-2019:14151-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1135902,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    kvm-1.4.2-60.27.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2019-08-27 13:10:41 UTC 
SUSE-SU-2019:2221-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1135902,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.26.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2019-08-28 19:12:16 UTC 
SUSE-SU-2019:2246-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1079730,1098403,1111025,1119115,1134883,1135902,1136540,1136778,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    qemu-2.11.2-9.28.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    qemu-2.11.2-9.28.3, qemu-linux-user-2.11.2-9.28.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    qemu-2.11.2-9.28.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2019-09-01 16:11:49 UTC 
openSUSE-SU-2019:2041-1: An update that solves four vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1128106,1133031,1134883,1135210,1135902,1136540,1136778,1138534,1140402,1143794,1144087
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378,CVE-2019-5008
Sources used:
openSUSE Leap 15.1 (src):    qemu-3.1.1-lp151.7.3.3, qemu-linux-user-3.1.1-lp151.7.3.2, qemu-testsuite-3.1.1-lp151.7.3.3
Comment 12 Swamp Workflow Management 2019-09-03 10:11:40 UTC 
openSUSE-SU-2019:2059-1: An update that solves three vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1079730,1098403,1111025,1119115,1134883,1135902,1136540,1136778,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
openSUSE Leap 15.0 (src):    qemu-2.11.2-lp150.7.25.1
Comment 13 Swamp Workflow Management 2019-09-04 13:12:29 UTC 
SUSE-SU-2019:2278-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1127077,1135902,1139926,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE CaaS Platform 3.0 (src):    qemu-2.9.1-6.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2019-09-06 19:11:10 UTC 
SUSE-SU-2019:2157-1: An update that fixes three vulnerabilities is now available.

Category: security (important)
Bug References: 1135902,1140402,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE OpenStack Cloud 7 (src):    qemu-2.6.2-41.55.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    qemu-2.6.2-41.55.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    qemu-2.6.2-41.55.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    qemu-2.6.2-41.55.1
SUSE Enterprise Storage 4 (src):    qemu-2.6.2-41.55.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-09-11 10:13:03 UTC 
SUSE-SU-2019:2353-1: An update that solves three vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1079730,1098403,1111025,1127077,1134880,1135902,1136528,1136777,1139926,1140402,1141043,1143794
CVE References: CVE-2019-12155,CVE-2019-13164,CVE-2019-14378
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    qemu-2.11.2-5.18.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    qemu-2.11.2-5.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Alexandros Toptsoglou 2020-05-20 09:29:58 UTC 
Done