Bugzilla – Bug 983982
VUL-0: CVE-2016-5338: kvm,qemu: scsi: esp: OOB r/w access while processing ESP_FIFO
Last modified: 2017-09-21 14:35:54 UTC
From: P J P <ppandit () redhat com> Date: Tue, 7 Jun 2016 12:50:04 +0530 (IST) Hello, Quick Emulator(Qemu) built with the ESP/NCR53C9x controller emulation support is vulnerable to an OOB r/w access issue. The controller uses 16-byte FIFO buffer the information transfer. The OOB r/w occurs while reading/writing to this buffer in esp_reg_read() and esp_reg_write() routines. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS OR potentially leverage it to execute arbitrary code with privileges of the Qemu process on the host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1343323 This issue was independently discovered and reported by Li Qiang of 360.cn Inc and Security Team at Huawei Inc. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F References: https://bugzilla.redhat.com/show_bug.cgi?id=1343323 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5338 http://seclists.org/oss-sec/2016/q2/505
bugbot adjusting priority
SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): qemu-2.3.1-21.1 SUSE Linux Enterprise Desktop 12-SP1 (src): qemu-2.3.1-21.1
SUSE-SU-2016:2628-1: An update that fixes 16 vulnerabilities is now available. Category: security (moderate) Bug References: 902737,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,996441 CVE References: CVE-2014-7815,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-7116 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): kvm-1.4.2-47.1
openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: openSUSE Leap 42.1 (src): qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6
SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available. Category: security (moderate) Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): qemu-2.0.2-48.22.1 SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.22.1
Fixed.