Bugzilla – Bug 994760
VUL-0: CVE-2016-6836: kvm,qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet
Last modified: 2017-03-08 16:49:50 UTC
http://seclists.org/oss-sec/2016/q3/262 Hello, Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet. A privileged user inside guest could use this leak host memory bytes to a guest. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html Reference: -> https://bugzilla.redhat.com/show_bug.cgi?id=1366369 This issue was reported by Li Qiang of 360.cn Inc. References: https://bugzilla.redhat.com/show_bug.cgi?id=1366369 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6836 http://seclists.org/oss-sec/2016/q3/311 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6836.html
qemu from sle12 onwards is affected. kvm and qemu on sle11 is not affected (does not have the function)
bugbot adjusting priority
SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): qemu-2.3.1-21.1 SUSE Linux Enterprise Desktop 12-SP1 (src): qemu-2.3.1-21.1
openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: openSUSE Leap 42.1 (src): qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6
SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available. Category: security (moderate) Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859 CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156 Sources used: SUSE Linux Enterprise Server for SAP 12 (src): qemu-2.0.2-48.22.1 SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.22.1
Fixed.