Bugzilla – Bug 1116717
VUL-0: CVE-2018-19364: qemu,kvm: 9pfs: Use-after-free due to race condition while updating fid path
Last modified: 2021-05-27 12:46:57 UTC
via oss-sec Hello, A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9 File System(9pfs) support in QEMU. It could occur due to a race condition in updating fid path in worker threads via v9fs_path_copy(), while accessing files on a shared host directory. A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html This issue was reported by Zhibin hu. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
It appears all of our qemu/kvm packages are affected, with the exception of most recent, which is v3.1.0 based - we we'll need the fix from SLE11-SP3 forward. Upstream commits are 5b76ef50 and 5b3c77aa.
Fix is checked in for the following SLE releases: SLE15 SLE12-SP4 SLE12-SP3 SLE12-SP2 SLE12-SP1 SLE12 SLE11-SP4 SLE11-SP3 That should cover all SLE releases needing this fix.
SUSE-SU-2019:13962-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1109544,1116717,1117275,1123156 CVE References: CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): kvm-1.4.2-60.21.1
SUSE-SU-2019:0423-1: An update that solves 5 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179 CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.20.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): qemu-2.11.2-9.20.1, qemu-linux-user-2.11.2-9.20.1 SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.20.1
SUSE-SU-2019:0435-1: An update that solves 5 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179 CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server 12-SP4 (src): qemu-2.11.2-5.8.1 SUSE Linux Enterprise Desktop 12-SP4 (src): qemu-2.11.2-5.8.1
SUSE-SU-2019:0457-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1116717,1117275,1123156 CVE References: CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.49.3
SUSE-SU-2019:0471-1: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1116717,1117275,1119493,1123156 CVE References: CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server 12-SP1-LTSS (src): qemu-2.3.1-33.20.1
SUSE-SU-2019:0489-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1084604,1113231,1116717,1117275,1119493,1123156 CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778 Sources used: SUSE OpenStack Cloud 7 (src): qemu-2.6.2-41.49.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): qemu-2.6.2-41.49.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): qemu-2.6.2-41.49.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.49.1 SUSE Enterprise Storage 4 (src): qemu-2.6.2-41.49.1
openSUSE-SU-2019:0254-1: An update that solves 5 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179 CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.18.1, qemu-linux-user-2.11.2-lp150.7.18.1, qemu-testsuite-2.11.2-lp150.7.18.1
SUSE-SU-2019:0582-1: An update that solves 8 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156 CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): qemu-2.9.1-6.28.1 SUSE Linux Enterprise Desktop 12-SP3 (src): qemu-2.9.1-6.28.1 SUSE CaaS Platform ALL (src): qemu-2.9.1-6.28.1 SUSE CaaS Platform 3.0 (src): qemu-2.9.1-6.28.1
openSUSE-SU-2019:1074-1: An update that solves 8 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156 CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778 Sources used: openSUSE Leap 42.3 (src): qemu-2.9.1-56.1, qemu-linux-user-2.9.1-56.1, qemu-testsuite-2.9.1-56.2 *** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0471-2: An update that fixes four vulnerabilities is now available. Category: security (important) Bug References: 1116717,1117275,1119493,1123156 CVE References: CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): qemu-2.3.1-33.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.