Bug 1034994 – VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue

Bug 1034994 - VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue


Summary:	VUL-0: CVE-2017-7718: xen: qemu: display: cirrus: OOB read access issue

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:oes2015:63591 maint:pl...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-04-19 14:49 UTC by Marcus Meissner
Modified:	2021-01-21 18:17 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-04-19 14:49:52 UTC

+++ This bug was initially created as a clone of Bug #1034908 +++

Ref: http://seclists.org/oss-sec/2017/q2/94
====================================================
Hello,

Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_ and/or cirrus_bitblt_rop_fwd_.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Upstream patch
--------------
  -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1443441

This issue was reported by Jiangxin of PSIRT Huawei Inc.

'CVE-2017-7718' assigned via -> http://cveform.mitre.org/

Thank you.
-- 
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
====================================================

Comment 1 Marcus Meissner 2017-04-19 14:50:37 UTC

all xen versions affected.

Comment 2 Charles Arnold 2017-04-26 22:53:54 UTC

Submit Requests:

SUSE:SLE-12-SP2:Update: 131838
SUSE:SLE-12-SP1:Update: 131839
SUSE:SLE-12:Update: 131840
SUSE:SLE-11-SP4:Update: 131841
SUSE:SLE-11-SP3:Update:Teradata: 131842
SUSE:SLE-11-SP3:Update: 131843
SUSE:SLE-11-SP1:Update:Teradata: 131844

Comment 3 Swamp Workflow Management 2017-05-02 16:11:27 UTC

SUSE-SU-2017:1143-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1022703,1028655,1029827,1030144,1034843,1034844,1034994,1036146
CVE References: CVE-2016-9603,CVE-2017-7718
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    xen-4.7.2_04-39.1
SUSE Linux Enterprise Server 12-SP2 (src):    xen-4.7.2_04-39.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    xen-4.7.2_04-39.1

Comment 4 Swamp Workflow Management 2017-05-02 16:13:05 UTC

SUSE-SU-2017:1145-1: An update that solves three vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1028655,1029827,1030144,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_18-57.1
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_18-57.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_18-57.1

Comment 5 Swamp Workflow Management 2017-05-02 16:14:22 UTC

SUSE-SU-2017:1146-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1028655,1033948,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-7718,CVE-2017-7980,CVE-2017-7995
Sources used:
SUSE OpenStack Cloud 5 (src):    xen-4.2.5_21-41.1
SUSE Manager Proxy 2.1 (src):    xen-4.2.5_21-41.1
SUSE Manager 2.1 (src):    xen-4.2.5_21-41.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    xen-4.2.5_21-41.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    xen-4.2.5_21-41.1

Comment 6 Swamp Workflow Management 2017-05-02 16:17:11 UTC

SUSE-SU-2017:1147-1: An update that solves 6 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 1015348,1022555,1026636,1027519,1027570,1028235,1028655,1029827,1030144,1030442,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2016-9603,CVE-2017-2633,CVE-2017-6414,CVE-2017-6505,CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    xen-4.5.5_10-22.14.1
SUSE Linux Enterprise Server 12-SP1 (src):    xen-4.5.5_10-22.14.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    xen-4.5.5_10-22.14.1

Comment 7 Swamp Workflow Management 2017-05-02 16:18:14 UTC

SUSE-SU-2017:1148-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1029827,1034843,1034844,1034845,1034994,1035483
CVE References: CVE-2017-7718,CVE-2017-7980
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_18-22.39.1
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_18-22.39.1

Comment 8 Swamp Workflow Management 2017-05-09 13:09:53 UTC

openSUSE-SU-2017:1221-1: An update that solves two vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1022703,1028655,1029827,1030144,1034843,1034844,1034994,1036146
CVE References: CVE-2016-9603,CVE-2017-7718
Sources used:
openSUSE Leap 42.2 (src):    xen-4.7.2_04-11.6.1

Comment 9 Marcus Meissner 2017-10-25 19:15:57 UTC

released