Bug 1043073 - (CVE-2017-9374) VUL-0: CVE-2017-9374: kvm,qemu: usb: ehci host memory leakage during hotunplug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Minor
Assigned To: Fei Li
Security Team bot
https://smash.suse.de/issue/186308/
CVSSv3:RedHat:CVE-2017-9374:3.0:(AV:A...
Blocks: 1043074
Reported: 2017-06-07 08:34 UTC by Johannes Segitz
Modified: 2017-11-08 15:42 UTC
Found By: Security Response Team
Description Johannes Segitz 2017-06-07 08:34:43 UTC
author	Li Qiang

In the usb_ehci_init function, it initializes 's->ipacket', but there
is no corresponding function to free this. As the ehci can be hotplugged
and unplugged, this will leak host memory. In order to make the
hierarchy clean, we should add an ehci pci finalize function, then call
the clean function in the ehci device.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1459132
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9374
http://seclists.org/oss-sec/2017/q2/420
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9374.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9374
http://git.qemu.org/?p=qemu.git;a=commit;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
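
The init-without-finalize lifecycle described in the commit message above, as an added illustration that is not QEMU's code and not part of the original report. ToyEhciState, toy_ehci_init, toy_ehci_finalize, hotplug_cycles and the buffer size are hypothetical; the model only counts buffers still owned by the device when its state is destroyed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the lifecycle bug; not QEMU source. All names and the
 * buffer size are hypothetical. */
#define TOY_IPACKET_SIZE 4096      /* arbitrary size for the demo */

typedef struct {
    unsigned char *ipacket;        /* buffer allocated when the device is created */
} ToyEhciState;

/* Device creation: allocates a buffer the device owns from now on. */
static int toy_ehci_init(ToyEhciState *s)
{
    s->ipacket = malloc(TOY_IPACKET_SIZE);
    return s->ipacket ? 0 : -1;
}

/* The counterpart the report says was missing: release what init allocated. */
static void toy_ehci_finalize(ToyEhciState *s)
{
    free(s->ipacket);
    s->ipacket = NULL;
}

/* Run n hotplug/unplug cycles and return how many buffers were still owned by
 * the device when its state was destroyed, i.e. how many would leak. */
static long hotplug_cycles(int n, int with_finalize)
{
    long leaked = 0;
    for (int i = 0; i < n; i++) {
        ToyEhciState *s = calloc(1, sizeof(*s));
        if (!s || toy_ehci_init(s) != 0) { free(s); break; }
        if (with_finalize)
            toy_ehci_finalize(s);  /* fixed teardown path */
        if (s->ipacket) {          /* would be unreachable once s is freed: a leak */
            leaked++;
            free(s->ipacket);      /* demo only: reclaim so this program stays clean */
        }
        free(s);                   /* unplug destroys the device state */
    }
    return leaked;
}

int main(void)
{
    printf("no finalize:   %ld buffers leaked\n", hotplug_cycles(1000, 0));
    printf("with finalize: %ld buffers leaked\n", hotplug_cycles(1000, 1));
    return 0;
}
```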
Comment 1 Swamp Workflow Management 2017-07-04 19:20:47 UTC
SUSE-SU-2017:1774-1: An update that solves 23 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1016503,1016504,1017081,1017084,1020427,1021741,1025109,1025311,1028184,1028656,1030624,1031142,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-9602,CVE-2016-9603,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    qemu-2.6.2-41.16.1
SUSE Linux Enterprise Server 12-SP2 (src):    qemu-2.6.2-41.16.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    qemu-2.6.2-41.16.1
Comment 2 Swamp Workflow Management 2017-07-14 22:14:21 UTC
openSUSE-SU-2017:1872-1: An update that solves 23 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1016503,1016504,1017081,1017084,1020427,1021741,1025109,1025311,1028184,1028656,1030624,1031142,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296
CVE References: CVE-2016-10028,CVE-2016-10029,CVE-2016-9602,CVE-2016-9603,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
openSUSE Leap 42.2 (src):    qemu-2.6.2-31.3.3, qemu-linux-user-2.6.2-31.3.1, qemu-testsuite-2.6.2-31.3.6
Comment 3 Bruce Rogers 2017-09-11 21:02:51 UTC
This patch is now qemu's upstream git commit id d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
Comment 4 Marcus Meissner 2017-10-25 19:41:38 UTC
released
Comment 5 Swamp Workflow Management 2017-11-08 11:13:08 UTC
SUSE-SU-2017:2946-1: An update that solves 33 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1020427,1021741,1025109,1025311,1028184,1028656,1030624,1032075,1034866,1034908,1035406,1035950,1036211,1037242,1037334,1037336,1039495,1042159,1042800,1042801,1043073,1043296,1045035,1046636,1047674,1048902,1049381,1054724,1056334,1057378,1057585,1062069,1063122,994418,994605
CVE References: CVE-2016-6834,CVE-2016-6835,CVE-2016-9602,CVE-2016-9603,CVE-2017-10664,CVE-2017-10806,CVE-2017-10911,CVE-2017-11334,CVE-2017-11434,CVE-2017-12809,CVE-2017-13672,CVE-2017-14167,CVE-2017-15038,CVE-2017-15289,CVE-2017-5579,CVE-2017-5973,CVE-2017-5987,CVE-2017-6505,CVE-2017-7377,CVE-2017-7471,CVE-2017-7493,CVE-2017-7718,CVE-2017-7980,CVE-2017-8086,CVE-2017-8112,CVE-2017-8309,CVE-2017-8379,CVE-2017-8380,CVE-2017-9330,CVE-2017-9373,CVE-2017-9374,CVE-2017-9375,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    qemu-2.3.1-33.3.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    qemu-2.3.1-33.3.3