Bugzilla – Bug 1098744
VUL-0: CVE-2018-12617: xen: qemu-guest-agent: Integer overflow causes segmentation fault in qmp_guest_file_read() with g_malloc()
Last modified: 2020-06-10 16:02:46 UTC
+++ This bug was initially created as a clone of Bug #1098735 +++

rh#1594054

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594054
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12617
http://www.cvedetails.com/cve/CVE-2018-12617/
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
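The sizing problem in the description above, as an added example that is not part of this bug report or of QEMU's code: a client-supplied 64-bit count is validated before it is turned into an allocation size. The function names, the `READ_COUNT_MAX` cap and the "count plus one terminator byte" layout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for this example; not a value taken from the bug report. */
#define READ_COUNT_MAX ((int64_t)48 * 1024 * 1024)

/* Unchecked sizing: the requested count plus one terminator byte (assumed
 * layout). Unsigned arithmetic is used so the wrap is well defined here. */
static size_t unchecked_alloc_size(int64_t count)
{
    return (size_t)((uint64_t)count + 1u);
}

/* Checked sizing: reject negative and oversized counts before any arithmetic. */
static bool checked_alloc_size(int64_t count, size_t *size)
{
    if (count < 0 || count > READ_COUNT_MAX) {
        return false;
    }
    *size = (size_t)count + 1u;
    return true;
}

/* Hypothetical helper: zeroed read buffer, or NULL so the caller can return
 * an error to the client instead of terminating the agent. */
static unsigned char *alloc_read_buffer(int64_t count, size_t *size)
{
    if (!checked_alloc_size(count, size)) {
        return NULL;
    }
    return calloc(1, *size);
}

int main(void)
{
    /* Constructed sample counts: normal, negative, and far too large. */
    const int64_t samples[] = { 4096, -1, INT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t size = 0;
        unsigned char *buf = alloc_read_buffer(samples[i], &size);
        printf("count=%lld unchecked=%zu accepted=%s\n", (long long)samples[i],
               unchecked_alloc_size(samples[i]), buf ? "yes" : "no");
        free(buf);
    }
    return 0;
}
```

A count of -1 makes the unchecked size wrap to 0, and a count near INT64_MAX yields a size no allocator can satisfy; the checked path rejects both before allocating.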
The code is only relevant in Xen's upstream qemu for SLE11-SP3/SP4 and SLE12/SLE12-SP1.
SUSE-SU-2018:2037-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.4_34-61.32.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_34-61.32.1

SUSE-SU-2018:2056-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_34-22.71.2

SUSE-SU-2018:2069-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1027519,1079730,1095242,1096224,1097521,1097522,1098744
CVE References: CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_24-22.52.3
SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_24-22.52.3
released
SUSE-SU-2018:2528-1: An update that solves 12 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027519,1074562,1079730,1090822,1090823,1091107,1092631,1095242,1096224,1097206,1097521,1097522,1098744
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2018-10981,CVE-2018-10982,CVE-2018-11806,CVE-2018-12617,CVE-2018-12891,CVE-2018-12893,CVE-2018-3639,CVE-2018-3646,CVE-2018-3665
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src): xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.25.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.25.1