Bug 1043297 - VUL-1: CVE-2017-9503: xen: scsi: megasas: null pointer dereference while processing megasas command
Status: RESOLVED FIXED
Duplicates: 1043312
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/186399/
Depends on: CVE-2017-9503
Reported: 2017-06-08 06:50 UTC by Alexander Bergmann
Modified: 2017-10-25 19:43 UTC
Found By: Security Response Team
Description Alexander Bergmann 2017-06-08 06:50:11 UTC
This bug was opened to check if the qemu code in xen is affected by this problem.

+++ This bug was initially created as a clone of Bug #1043296 +++

rh#1459477

Quick Emulator (Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to a null pointer dereference issue. It
could occur while processing megasas commands via megasas_command_complete().

A privileged user inside a guest could use this flaw to crash the Qemu process
on the host, resulting in DoS.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2017/06/08/1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1459477
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9503
Comment 1 Johannes Segitz 2017-06-08 07:47:16 UTC
*** Bug 1043312 has been marked as a duplicate of this bug. ***
Comment 2 Swamp Workflow Management 2017-07-04 19:13:56 UTC
SUSE-SU-2017:1770-1: An update that solves 6 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1032148,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    xen-4.4.4_20-60.3
SUSE Linux Enterprise Server 11-SP4 (src):    xen-4.4.4_20-60.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    xen-4.4.4_20-60.3
Comment 3 Swamp Workflow Management 2017-07-06 13:18:26 UTC
SUSE-SU-2017:1795-1: An update that solves 16 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1032148,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-10911,CVE-2017-10912,CVE-2017-10913,CVE-2017-10914,CVE-2017-10915,CVE-2017-10917,CVE-2017-10918,CVE-2017-10920,CVE-2017-10921,CVE-2017-10922,CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    xen-4.4.4_21-22.42.1
SUSE Linux Enterprise Server 12-LTSS (src):    xen-4.4.4_21-22.42.1
Comment 4 Swamp Workflow Management 2017-07-07 13:12:51 UTC
SUSE-SU-2017:1812-1: An update that solves 17 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1014136,1026236,1027519,1031460,1034845,1036470,1037243,1042160,1042863,1042882,1042893,1042915,1042923,1042924,1042931,1042938,1043074,1043297
CVE References: CVE-2017-10911,CVE-2017-10912,CVE-2017-10913,CVE-2017-10914,CVE-2017-10915,CVE-2017-10916,CVE-2017-10917,CVE-2017-10918,CVE-2017-10920,CVE-2017-10921,CVE-2017-10922,CVE-2017-8112,CVE-2017-8309,CVE-2017-8905,CVE-2017-9330,CVE-2017-9374,CVE-2017-9503
Sources used:
SUSE OpenStack Cloud 6 (src):    xen-4.5.5_12-22.18.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    xen-4.5.5_12-22.18.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    xen-4.5.5_12-22.18.1
Comment 5 Charles Arnold 2017-07-28 19:02:42 UTC
No code to patch in the SLE11 SP3 Xen qemu and older.
It has no megasas driver.
Comment 6 Marcus Meissner 2017-10-25 19:43:57 UTC
released