Bug 982017 (CVE-2016-5105)

Summary: VUL-1: CVE-2016-5105: qemu, kvm: scsi: megasas: stack information leakage while reading configuration
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Bruce Rogers <brogers>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: abergmann, brogers, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/169493/
Whiteboard: CVSSv2:RedHat:CVE-2016-5105:2.3:(AV:A/AC:M/Au:S/C:P/I:N/A:N) CVSSv2:SUSE:CVE-2016-5105:1.5:(AV:L/AC:M/Au:S/C:P/I:N/A:N)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2016-05-27 12:48:49 UTC
rh#1339583

Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to an information leakage issue. It
could occur while processing MegaRAID Firmware Interface(MFI) command to read
device configuration in 'megasas_dcmd_cfg_read'.

A privileged user inside guest could use this flaw to leak host memory bytes.

Upstream patch:
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html

Reference:
  -> http://www.openwall.com/lists/oss-security/2016/05/25/5

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1339583
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5105
http://seclists.org/oss-sec/2016/q2/416
Comment 1 Swamp Workflow Management 2016-05-27 22:01:15 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-10-21 17:09:32 UTC
SUSE-SU-2016:2589-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    qemu-2.3.1-21.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    qemu-2.3.1-21.1
Comment 3 Swamp Workflow Management 2016-10-25 18:13:40 UTC
SUSE-SU-2016:2628-1: An update that fixes 16 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902737,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,996441
CVE References: CVE-2014-7815,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-7116
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    kvm-1.4.2-47.1
Comment 4 Swamp Workflow Management 2016-10-26 12:12:09 UTC
openSUSE-SU-2016:2642-1: An update that solves 19 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1000048,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
openSUSE Leap 42.1 (src):    qemu-2.3.1-19.3, qemu-linux-user-2.3.1-19.1, qemu-testsuite-2.3.1-19.6
Comment 5 Swamp Workflow Management 2016-11-12 07:08:21 UTC
SUSE-SU-2016:2781-1: An update that fixes 21 vulnerabilities is now available.

Category: security (moderate)
Bug References: 893323,944697,967012,967013,982017,982018,982019,982222,982223,982285,982959,983961,983982,991080,991466,994760,994771,994774,996441,997858,997859
CVE References: CVE-2014-5388,CVE-2015-6815,CVE-2016-2391,CVE-2016-2392,CVE-2016-4453,CVE-2016-4454,CVE-2016-5105,CVE-2016-5106,CVE-2016-5107,CVE-2016-5126,CVE-2016-5238,CVE-2016-5337,CVE-2016-5338,CVE-2016-5403,CVE-2016-6490,CVE-2016-6833,CVE-2016-6836,CVE-2016-6888,CVE-2016-7116,CVE-2016-7155,CVE-2016-7156
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    qemu-2.0.2-48.22.1
SUSE Linux Enterprise Server 12-LTSS (src):    qemu-2.0.2-48.22.1
Comment 6 Bruce Rogers 2017-03-08 16:53:45 UTC
Fixed.