Bugzilla – Bug 994605
VUL-0: CVE-2016-6835: kvm,qemu: Buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation.
Last modified: 2017-11-10 08:24:00 UTC
CVE-2016-6835

Quick Emulator (Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an OOB read access. In that it does not check if packet headers does not check for IP header length. It could lead to an OOB access when reading further packet data.

https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html

I should have marked it as "PATCH for v2.6.0"

This is not yet available at http://git.qemu.org/?p=qemu.git;a=history;f=hw/net/vmxnet_tx_pkt.c;hb=stable-2.6 but that may be an expected place for a later update.

Use CVE-2016-6835 for this buffer over-read.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6835
http://seclists.org/oss-sec/2016/q3/310
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6835.html
https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00071.html
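
The kind of check the description says is missing, as an added example (not QEMU's code and not the upstream patch): a stand-alone C helper that validates the IPv4 header-length field of an untrusted frame before using it as a copy size. The function name, constants and sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR 20u  /* fixed IPv4 header, IHL = 5 */
#define IPV4_MAX_HDR 60u  /* largest header, IHL = 15 */

/* Hypothetical helper: copy the IPv4 header (including options) out of an
 * untrusted frame. Returns the header length in bytes, or 0 if rejected. */
size_t copy_ipv4_header(const uint8_t *frame, size_t frame_len,
                        size_t l2_len, uint8_t out[IPV4_MAX_HDR])
{
    /* The fixed 20-byte header must be fully present after the L2 header. */
    if (l2_len > frame_len || frame_len - l2_len < IPV4_MIN_HDR)
        return 0;

    const uint8_t *ip = frame + l2_len;
    if ((ip[0] >> 4) != 4)
        return 0;                                  /* not IPv4 */
    size_t hdr_len = (size_t)(ip[0] & 0x0f) * 4;   /* IHL is in 32-bit words */

    /* Without this check, hdr_len - IPV4_MIN_HDR below would wrap around
     * to a huge size_t and the second memcpy would read out of bounds. */
    if (hdr_len < IPV4_MIN_HDR)
        return 0;
    if (hdr_len > frame_len - l2_len)
        return 0;                                  /* options run past the frame */

    memcpy(out, ip, IPV4_MIN_HDR);
    memcpy(out + IPV4_MIN_HDR, ip + IPV4_MIN_HDR, hdr_len - IPV4_MIN_HDR);
    return hdr_len;
}

int main(void)
{
    /* Constructed frames: 14-byte L2 header followed by 24 bytes of IP data. */
    uint8_t frame[14 + 24] = {0}, out[IPV4_MAX_HDR];
    const uint8_t first_bytes[] = {0x45, 0x46, 0x42, 0x4f}; /* IHL 5, 6, 2, 15 */
    for (size_t i = 0; i < sizeof first_bytes; i++) {
        frame[14] = first_bytes[i];
        printf("version/IHL 0x%02x -> %zu\n", first_bytes[i],
               copy_ipv4_header(frame, sizeof frame, 14, out));
    }
    return 0;
}
```
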
qemu on sle12 onwards seems affected

qemu and kvm on sle11 seems not affected (does not have the code)
bugbot adjusting priority
Fix is already in SLE12SP2 and later, also checked patch into qemu package under Devel:Virt:SLE-12-SP1 and Devel:Virt:SLE-12
back to us for tracking
not tracked for LTSS, regularly maintained products are fixed
SUSE-SU-2017:2946-1: An update that solves 33 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296,1045035,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src): qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server for SAP 12-SP1 (src): qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src): qemu-2.3.1-33.3.3

SUSE-SU-2017:2969-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1026612,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1056334,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2633,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.34.3