Bug 1043074 - VUL-0: CVE-2017-9374: xen: usb: ehci host memory leakage during hotunplug
VUL-0: CVE-2017-9374: xen: usb: ehci host memory leakage during hotunplug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/186308/
:
Depends on: CVE-2017-9374
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-07 08:36 UTC by Johannes Segitz
Modified: 2017-10-25 19:41 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-06-07 08:36:12 UTC
+++ This bug was initially created as a clone of Bug #1043073 +++

author	Li Qiang

In usb_ehci_init function, it initializes 's->ipacket', but there
is no corresponding function to free this. As the ehci can be hotplug
and unplug, this will leak host memory leak. In order to make the
hierarchy clean, we should add a ehci pci finalize function, then call
the clean function in ehci device.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1459132
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9374
http://seclists.org/oss-sec/2017/q2/420
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9374.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9374
http://git.qemu.org/?p=qemu.git;a=commit;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
Comment 1 Swamp Workflow Management 2017-07-04 19:13:49 UTC
SUSE-SU-2017:1770-1: An update that solves 6 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1032148,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_20-60.3
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_20-60.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_20-60.3
Comment 2 Swamp Workflow Management 2017-07-06 13:18:17 UTC
SUSE-SU-2017:1795-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1032148,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-10911,CVE-2017-10912,CVE-2017-10913,CVE-2017-10914,CVE-2017-10915,CVE-2017-10917,CVE-2017-10918,CVE-2017-10920,CVE-2017-10921,CVE-2017-10922,CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_21-22.42.1
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_21-22.42.1
Comment 3 Swamp Workflow Management 2017-07-07 13:12:43 UTC
SUSE-SU-2017:1812-1: An update that solves 17 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042923,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-10911,CVE-2017-10912,CVE-2017-10913,CVE-2017-10914,CVE-2017-10915,CVE-2017-10916,CVE-2017-10917,CVE-2017-10918,CVE-2017-10920,CVE-2017-10921,CVE-2017-10922,CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src):    xen-4.5.5_12-22.18.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_12-22.18.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_12-22.18.1
Comment 4 Charles Arnold 2017-07-28 19:02:04 UTC
This patch is for ehci (usb 2.0) found in the upstream qemu. However, the
version of the xen upstream qemu in SLE11 SP3 is too old and a fprintf
statement issued in the usb ehci initialization code says,
"*** EHCI support is under development ***\n"

So nothing usable that can be patched in SLE11 SP3 and older.
Comment 5 Marcus Meissner 2017-10-25 19:41:51 UTC
released