Bugzilla – Full Text Bug Listing
|Summary:||VUL-1: CVE-2020-24352: kvm,qemu: out-of-bounds read/write in ati-vga device emulation in ati_2d_blt()|
|Product:||[Novell Products] SUSE Security Incidents||Reporter:||Robert Frohl <rfrohl>|
|Component:||Incidents||Assignee:||Security Team bot <security-team>|
|Status:||RESOLVED FIXED||QA Contact:||Security Team bot <security-team>|
|Priority:||P4 - Low||CC:||atoptsoglou, brogers, smash_bz|
|Found By:||Security Response Team||Services Priority:|
|Marketing QA Status:||---||IT Deployment:||---|
Description Robert Frohl 2020-08-17 15:12:55 UTC
rh#1847584

An out-of-bounds read/write flaw was found in the ATI VGA device implementation of the QEMU emulator. It occurs in the ati_2d_blt() routine while handling MMIO write operations from the guest. A malicious guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1847584
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24352
https://access.redhat.com/security/cve/CVE-2020-24352
Comment 1 Robert Frohl 2020-08-17 15:15:30 UTC
Information is a bit sparse for this one.
Comment 2 Bruce Rogers 2020-08-25 20:38:34 UTC
It seems that the fix for this issue is commit ac2071c3791b67fc7af78b8ceb320c01ca1b5df7, which is included in v5.0.0. The feature was first included in v4.0.0 qemu, so only SLE15-SP2 (v4.2.0) qemu is affected.
Comment 3 Bruce Rogers 2020-09-16 23:51:35 UTC
This was fully fixed with the v4.2.1 update for qemu, which has already been released to customers. I'm adding a note to that effect in the SLE-15-SP2 qemu changelog about to be submitted for the next maintenance update.
Comment 6 Swamp Workflow Management 2020-10-07 16:17:09 UTC
SUSE-SU-2020:2877-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1174386,1174641,1174863,1175370,1175441,1176494
CVE References: CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): qemu-4.2.1-11.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): qemu-4.2.1-11.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-10-13 04:14:46 UTC
openSUSE-SU-2020:1664-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1174386,1174641,1174863,1175370,1175441,1176494
CVE References: CVE-2020-14364,CVE-2020-15863,CVE-2020-16092,CVE-2020-24352
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): qemu-4.2.1-lp220.127.116.11, qemu-linux-user-4.2.1-lp18.104.22.168, qemu-testsuite-4.2.1-lp22.214.171.124
Comment 8 Alexandros Toptsoglou 2020-11-03 15:34:27 UTC