Bugzilla – Bug 994774
VUL-0: CVE-2016-6833: kvm,qemu: net: vmxnet3: use after free while writing
Last modified: 2017-03-08 16:23:13 UTC
CVE-2016-6833 Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to a use-after-free issue. It could occur while writing to the device once it's disabled. A privileged user inside guest could use this issue to crash the Qemu instance resulting in DoS. https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html Vmxnet3 device emulator does not check if the device is active, before using it for write. It leads to a use after free issue, if the vmxnet3_io_bar0_write routine is called after the device is deactivated. Add check to avoid it. http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 Use CVE-2016-6833. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6833 http://seclists.org/oss-sec/2016/q3/309 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6833.html
qemu on sle12 and newer affected. sle11 not affected, neither qemu and kvm
bugbot adjusting priority
SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): qemu-2.3.1-21.1 SUSE Linux Enterprise Desktop 12-SP1 (src): qemu-2.3.1-21.1
openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: openSUSE Leap 42.1 (src): qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6
SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available. Category: security (moderate) Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): qemu-2.0.2-48.22.1 SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.22.1
Fixed.