Bug 1062069 (CVE-2017-15038)

Summary: VUL-0: CVE-2017-15038 qemu: 9p: virtfs: information disclosure when reading extended attributes
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Fei Li <fli>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: abergmann, brogers, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/192888/
Whiteboard: CVSSv2:RedHat:CVE-2017-15038:2.3:(AV:A/AC:M/Au:S/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2017-15038:2.3:(AV:A/AC:M/Au:S/C:P/I:N/A:N) CVSSv2:NVD:CVE-2017-15038:1.9:(AV:L/AC:M/Au:N/C:P/I:N/A:N) CVSSv3:SUSE:CVE-2017-15038:3.0:(AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N) CVSSv3:RedHat:CVE-2017-15038:3.0:(AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2017-10-06 13:53:16 UTC 
rh#1499110

Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9
File System(9pfs) support, is vulnerable to an information disclosure issue.
It could occur while accessing extended attributes of a file due to a race
condition.

A user inside guest could use this flaw to disclose uninitialised heap
memory contents on the host.

Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html

Reference:
http://www.openwall.com/lists/oss-security/2017/10/06/1


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1499110
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15038
http://seclists.org/oss-sec/2017/q4/34
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
Comment 1 Alexander Bergmann 2017-10-06 13:54:16 UTC 
This bug is not affecting the SLE qemu copies of kvm and xen.
Comment 2 Swamp Workflow Management 2017-11-02 23:09:23 UTC 
SUSE-SU-2017:2924-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1054724,1055587,1056291,1056334,1057378,1057585,1057966,1062069,1062942,1063122
CVE References: CVE-2017-10911,CVE-2017-12809,CVE-2017-13672,CVE-2017-13711,CVE-2017-14167,CVE-2017-15038,CVE-2017-15268,CVE-2017-15289
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    qemu-2.9.1-6.6.3
SUSE Linux Enterprise Desktop 12-SP3 (src):    qemu-2.9.1-6.6.3
Comment 3 Swamp Workflow Management 2017-11-06 20:09:47 UTC 
SUSE-SU-2017:2936-1: An update that solves 12 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1043176,1043808,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1057966,1059369,1062069,1062942,1063122,997358
CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15268,CVE-2017-15289,CVE-2017-9524
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    qemu-2.6.2-41.22.2
SUSE Linux Enterprise Server 12-SP2 (src):    qemu-2.6.2-41.22.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    qemu-2.6.2-41.22.2
Comment 4 Swamp Workflow Management 2017-11-07 05:10:29 UTC 
openSUSE-SU-2017:2938-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1054724,1055587,1056291,1056334,1057378,1057585,1057966,1062069,1062942,1063122
CVE References: CVE-2017-10911,CVE-2017-12809,CVE-2017-13672,CVE-2017-13711,CVE-2017-14167,CVE-2017-15038,CVE-2017-15268,CVE-2017-15289
Sources used:
openSUSE Leap 42.3 (src):    qemu-2.9.1-35.1, qemu-linux-user-2.9.1-35.1, qemu-testsuite-2.9.1-35.1
Comment 5 Swamp Workflow Management 2017-11-07 05:13:55 UTC 
openSUSE-SU-2017:2941-1: An update that solves 12 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1043176,1043808,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1057966,1059369,1062069,1062942,1063122,997358
CVE References: CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15268,CVE-2017-15289,CVE-2017-9524
Sources used:
openSUSE Leap 42.2 (src):    qemu-2.6.2-31.9.1, qemu-linux-user-2.6.2-31.9.1, qemu-testsuite-2.6.2-31.9.2
Comment 6 Swamp Workflow Management 2017-11-08 11:14:37 UTC 
SUSE-SU-2017:2946-1: An update that solves 33 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296,1045035,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.3.3
Comment 7 Swamp Workflow Management 2017-11-10 08:09:46 UTC 
SUSE-SU-2017:2963-1: An update that solves 23 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1028184,1028656,1030624,1031051,1034044,1034866,1034908,1035406,1035950,1037242,1038396,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1049785,1056334,1057585,1062069,1063122
CVE References: CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-5579,CVE-2017-5973,CVE-2017-6505,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-60.3.1
Comment 8 Swamp Workflow Management 2017-11-10 08:23:35 UTC 
SUSE-SU-2017:2969-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1026612,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1056334,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2633,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.34.3
Comment 9 Swamp Workflow Management 2017-11-24 20:17:43 UTC 
SUSE-SU-2017:3084-1: An update that solves 33 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1013285,1014109,1014111,1014702,1015048,1016779,1020427,1021129,1021741,1023004,1023053,1023907,1024972,1025109,1028184,1028656,1030624,1031051,1034044,1034866,1034908,1035406,1035950,1037242,1038396,1039495,1042159,1042800,1042801,1043296,1045035,1046636,1047674,1048902,1049381,1049785,1056334,1057585,1062069,1063122
CVE References: CVE-2016-10155,CVE-2016-9602,CVE-2016-9603,CVE-2016-9776,CVE-2016-9907,CVE-2016-9911,CVE-2016-9921,CVE-2016-9922,CVE-2017-10664,CVE-2017-10806,CVE-2017-11334,CVE-2017-11434,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-2615,CVE-2017-2620,CVE-2017-5579,CVE-2017-5856,CVE-2017-5898,CVE-2017-5973,CVE-2017-6505,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8309,CVE-2017-9330,CVE-2017-9373,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kvm-1.4.2-53.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kvm-1.4.2-53.11.1
Comment 10 Marcus Meissner 2018-02-16 07:42:11 UTC 
reelased