Bug 1034994 - VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue
VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:oes2015:63591 maint:pl...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-19 14:49 UTC by Marcus Meissner
Modified: 2021-01-21 18:17 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-04-19 14:49:52 UTC
+++ This bug was initially created as a clone of Bug #1034908 +++

Ref: http://seclists.org/oss-sec/2017/q2/94
====================================================
Hello,

Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_ and/or cirrus_bitblt_rop_fwd_.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch
--------------
  -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1443441

This issue was reported by Jiangxin of PSIRT Huawei Inc.

'CVE-2017-7718' assigned via -> http://cveform.mitre.org/

Thank you.
-- 
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
====================================================
Comment 1 Marcus Meissner 2017-04-19 14:50:37 UTC
all xen versions affected.
Comment 2 Charles Arnold 2017-04-26 22:53:54 UTC
Submit Requests:

SUSE:SLE-12-SP2:Update: 131838
SUSE:SLE-12-SP1:Update: 131839
SUSE:SLE-12:Update: 131840
SUSE:SLE-11-SP4:Update: 131841
SUSE:SLE-11-SP3:Update:Teradata: 131842
SUSE:SLE-11-SP3:Update: 131843
SUSE:SLE-11-SP1:Update:Teradata: 131844
Comment 3 Swamp Workflow Management 2017-05-02 16:11:27 UTC
SUSE-SU-2017:1143-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1022703,1028655,1029827,1030144,1034843,1034844,1034994,1036146
CVE References: CVE-2016-9603,CVE-2017-7718
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xen-4.7.2_04-39.1
SUSE Linux Enterprise Server 12-SP2 (src):    xen-4.7.2_04-39.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    xen-4.7.2_04-39.1
Comment 4 Swamp Workflow Management 2017-05-02 16:13:05 UTC
SUSE-SU-2017:1145-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1028655,1029827,1030144,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_18-57.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_18-57.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_18-57.1
Comment 5 Swamp Workflow Management 2017-05-02 16:14:22 UTC
SUSE-SU-2017:1146-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1028655,1033948,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-7718,CVE-2017-7980,CVE-2017-7995
Sources used:
SUSE OpenStack Cloud 5 (src):    xen-4.2.5_21-41.1
SUSE Manager Proxy 2.1 (src):    xen-4.2.5_21-41.1
SUSE Manager 2.1 (src):    xen-4.2.5_21-41.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_21-41.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-41.1
Comment 6 Swamp Workflow Management 2017-05-02 16:17:11 UTC
SUSE-SU-2017:1147-1: An update that solves 6 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1015348,1022555,1026636,1027519,1027570,1028235,1028655,1029827,1030144,1030442,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-2633,CVE-2017-6414,CVE-2017-6505,CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.5_10-22.14.1
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.5_10-22.14.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.5_10-22.14.1
Comment 7 Swamp Workflow Management 2017-05-02 16:18:14 UTC
SUSE-SU-2017:1148-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1029827,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_18-22.39.1
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_18-22.39.1
Comment 8 Swamp Workflow Management 2017-05-09 13:09:53 UTC
openSUSE-SU-2017:1221-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1022703,1028655,1029827,1030144,1034843,1034844,1034994,1036146
CVE References: CVE-2016-9603,CVE-2017-7718
Sources used:
openSUSE Leap 42.2 (src):    xen-4.7.2_04-11.6.1
Comment 9 Marcus Meissner 2017-10-25 19:15:57 UTC
released