Bugzilla – Bug 1083291
VUL-0: CVE-2018-7550 qemu, kvm: i386: multiboot OOB access while loading kernel image
Last modified: 2018-08-20 05:49:56 UTC
Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature support is vulnerable to an OOB r/w memory access issue. It could occur while loading a kernel image during a guest boot if muliboot head addresses mh_load_end_addr was greater than mh_bss_end_addr. A user/process could use this flaw to potentially achieve arbitrary code execution on a host. Patch: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html Please include this in the current round you're working on References: https://bugzilla.redhat.com/show_bug.cgi?id=1549798 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7550
Fix has been kept changing until yesterday, will keep tracking. multiboot: check mh_load_end_addr address field multiboot: bss_end_addr can be zero / c to: multiboot: Check validity of mh_header_addr https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg04423.html
SUSE-SU-2018:0762-1: An update that solves 8 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): qemu-2.9.1-6.12.1 SUSE Linux Enterprise Desktop 12-SP3 (src): qemu-2.9.1-6.12.1 SUSE CaaS Platform ALL (src): qemu-2.9.1-6.12.1
openSUSE-SU-2018:0780-1: An update that solves 8 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1074572,1076114,1076775,1076813,1082276,1083291 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: openSUSE Leap 42.3 (src): qemu-2.9.1-41.1, qemu-linux-user-2.9.1-41.1, qemu-testsuite-2.9.1-41.1
SUSE-SU-2018:0831-1: An update that solves 9 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1040202,1068032,1068613,1070144,1071228,1073489,1076114,1076179,1076775,1076814,1082276,1083291,1085598 CVE References: CVE-2017-15119,CVE-2017-15124,CVE-2017-16845,CVE-2017-17381,CVE-2017-18030,CVE-2017-18043,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): qemu-2.6.2-41.37.1 SUSE Linux Enterprise Server 12-SP2 (src): qemu-2.6.2-41.37.1 SUSE Linux Enterprise Desktop 12-SP2 (src): qemu-2.6.2-41.37.1
SUSE-SU-2018:1077-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1068032,1076114,1076179,1082276,1083291 CVE References: CVE-2017-18030,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): kvm-1.4.2-60.9.1
SUSE-SU-2018:1308-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1068032,1076114,1076179,1082276,1083291 CVE References: CVE-2017-18030,CVE-2017-5715,CVE-2018-5683,CVE-2018-7550 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kvm-1.4.2-53.17.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kvm-1.4.2-53.17.1
SUSE-SU-2018:2340-1: An update that solves three vulnerabilities and has four fixes is now available. Category: security (moderate) Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223 CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550 Sources used: SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.4.1 SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.4.1
openSUSE-SU-2018:2402-1: An update that solves three vulnerabilities and has four fixes is now available. Category: security (moderate) Bug References: 1083291,1087082,1091695,1094725,1094898,1094913,1096223 CVE References: CVE-2018-11806,CVE-2018-3639,CVE-2018-7550 Sources used: openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.6.1, qemu-linux-user-2.11.2-lp150.7.6.1, qemu-testsuite-2.11.2-lp150.7.6.1
released