Bug 964415

Summary: VUL-1: CVE-2016-2198: xen: usb: ehci null pointer dereference in ehci_caps_write
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: carnold, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/161448/
Whiteboard: CVSSv2:SUSE:CVE-2016-2198:2.3:(AV:A/AC:M/Au:S/C:N/I:N/A:P)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Johannes Segitz 2016-02-01 10:19:08 UTC 
+++ This bug was initially created as a clone of Bug #964413 +++

rh#1301643

Qemu emulator built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers.

A privileged user inside quest could use this flaw to crash the Qemu process instance resulting in DoS.

Patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1301643
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2198
http://seclists.org/oss-sec/2016/q1/255
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2198.html
Comment 2 Swamp Workflow Management 2016-02-01 23:01:13 UTC 
bugbot adjusting priority
Comment 3 Charles Arnold 2016-02-27 00:51:55 UTC 
This bug may be included in one or more of the
submissions listed below.

SUSE:SLE-12-SP1:Update: 98638
SUSE:SLE-12:Update: 98642
SUSE:SLE-11-SP4:Update: 98646
SUSE:SLE-11-SP3:Update: 98650
SUSE:SLE-11-SP2:Update: 98654
SUSE:SLE-11-SP1:Update:Teradata: 98658
SUSE:SLE-11-SP1:Update: 98662
SUSE:SLE-10-SP4:Update:Test: 98666
SUSE:SLE-10-SP3:Update:Test: 98670

openSUSE:Factory: 362063
openSUSE:Leap:42.1:Update: 362057
openSUSE:13.2:Update: 362060
Comment 4 Swamp Workflow Management 2016-05-17 16:12:26 UTC 
SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126
CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Server 12 (src):    xen-4.4.4_02-22.19.1
SUSE Linux Enterprise Desktop 12 (src):    xen-4.4.4_02-22.19.1