Bug 940929 (CVE-2015-5745) - VUL-1: CVE-2015-5745: kvm,qemu: buffer overflow in virtio-serial
Summary: VUL-1: CVE-2015-5745: kvm,qemu: buffer overflow in virtio-serial
Status: RESOLVED FIXED
Alias: CVE-2015-5745
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/119710/
Whiteboard: CVSSv2:RedHat:CVE-2015-5745:3.2:(AV:A...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-07 08:29 UTC by Johannes Segitz
Modified: 2016-07-25 11:31 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2015-08-07 08:29:20 UTC 
rh#1251157

From: P J P

Qemu emulator built with the virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between guest & the host.

A malicious guest could use this flaw to corrupt few bytes of Qemu memory area, potentially crashing the Qemu process.


Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1251157
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5745
http://seclists.org/oss-sec/2015/q3/302
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5745.html
Comment 1 Swamp Workflow Management 2015-08-07 22:00:28 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2015-10-23 17:23:21 UTC 
Based on bug 950367 comment #14:
Does not affect xen because xen does not support virtio devices.
Comment 3 Marcus Meissner 2015-12-19 16:42:12 UTC 
-> kvm-bugs
Comment 5 Lin Ma 2016-03-09 06:34:11 UTC 
Close it as fixed
Comment 6 Johannes Segitz 2016-03-09 08:18:56 UTC 
please don't do that with security bugs. Assign them to us once you're done
Comment 7 Swamp Workflow Management 2016-06-13 11:09:46 UTC 
SUSE-SU-2016:1560-1: An update that solves 37 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,895528,901508,928393,934069,940929,944463,947159,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5745,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12 (src):    qemu-2.0.2-48.19.1
SUSE Linux Enterprise Desktop 12 (src):    qemu-2.0.2-48.19.1
Comment 8 Swamp Workflow Management 2016-06-28 18:08:46 UTC 
SUSE-SU-2016:1698-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-46.1
Comment 9 Swamp Workflow Management 2016-06-29 09:08:06 UTC 
SUSE-SU-2016:1703-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-14.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-14.1
Comment 10 Swamp Workflow Management 2016-07-06 20:04:48 UTC 
openSUSE-SU-2016:1750-1: An update that solves 32 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 886378,940929,958491,958917,959005,959386,960334,960708,960725,960835,961332,961333,961358,961556,961691,962320,963782,964411,964413,967969,969121,969122,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723,981266
CVE References: CVE-2015-5745,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2197,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441,CVE-2016-4952
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-15.1, qemu-linux-user-2.3.1-15.1, qemu-testsuite-2.3.1-15.2
Comment 11 Swamp Workflow Management 2016-07-11 14:40:29 UTC 
SUSE-SU-2016:1785-1: An update that solves 33 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 895528,901508,928393,934069,936132,940929,944463,945404,945987,945989,947159,958491,958917,959005,960334,960725,961332,961333,961358,961556,961691,962320,963782,964413,967969,969350,970036,970037,975128,975136,975700,976109,978158,978160,980711,980723
CVE References: CVE-2014-3615,CVE-2014-3689,CVE-2014-9718,CVE-2015-3214,CVE-2015-5239,CVE-2015-5278,CVE-2015-5279,CVE-2015-5745,CVE-2015-6855,CVE-2015-7295,CVE-2015-7549,CVE-2015-8504,CVE-2015-8558,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2016-1568,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2538,CVE-2016-2841,CVE-2016-2857,CVE-2016-2858,CVE-2016-3710,CVE-2016-3712,CVE-2016-4001,CVE-2016-4002,CVE-2016-4020,CVE-2016-4037,CVE-2016-4439,CVE-2016-4441
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-44.1
Comment 12 Johannes Segitz 2016-07-25 11:31:28 UTC 
fixed everywhere