Bugzilla – Bug 1119493
VUL-0: CVE-2018-16872: kvm,qemu: usb-mtp: path traversal by host filesystem manipulation in Media Transfer Protocol (MTP)
Last modified: 2021-05-27 12:47:11 UTC
rh#1656114 / CVE-2018-16872

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.

Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
Reference: https://www.openwall.com/lists/oss-security/2018/12/13/11

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1656114
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16872
http://seclists.org/oss-sec/2018/q4/242
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
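The lstat-then-open gap described in the report, and one way to close it, as an added example (not QEMU's code and not the upstream patch): the file is opened with O_NOFOLLOW and the descriptor is checked against the identity recorded earlier. The names open_if_unchanged, touch and toctou_selftest and the scratch directory are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` only if it is still the object lstat(2) recorded earlier.
 * O_NOFOLLOW refuses a symlink as the final path component; comparing
 * st_dev/st_ino on the opened descriptor catches any other replacement. */
int open_if_unchanged(const char *path, const struct stat *recorded)
{
    struct stat now;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &now) < 0 || now.st_dev != recorded->st_dev ||
        now.st_ino != recorded->st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

static int touch(const char *p)
{
    int fd = open(p, O_CREAT | O_WRONLY | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Constructed scenario in a scratch directory. Returns a bitmask:
 * 1 = unchanged path opens, 2 = renamed-over path refused,
 * 4 = symlinked path refused; -1 on setup failure. */
int toctou_selftest(void)
{
    char dir[] = "/tmp/mtp-toctou-XXXXXX", obj[64], other[64];
    struct stat recorded;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(obj, sizeof obj, "%s/obj", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    if (touch(obj) || touch(other) || lstat(obj, &recorded))
        return -1;
    if ((fd = open_if_unchanged(obj, &recorded)) >= 0) { result |= 1; close(fd); }
    if (rename(other, obj)) return -1;             /* same name, different inode */
    if ((fd = open_if_unchanged(obj, &recorded)) < 0) result |= 2; else close(fd);
    if (unlink(obj) || symlink("/dev/null", obj)) return -1; /* name is now a symlink */
    if ((fd = open_if_unchanged(obj, &recorded)) < 0) result |= 4; else close(fd);
    unlink(obj); rmdir(dir);
    return result;
}
```

O_NOFOLLOW only covers the last path component, so the st_dev/st_ino comparison is what rejects a parent directory that was replaced after the lstat.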
Appears to affect qemu versions as old as v2.1.0, so SLE versions back to SLE12-SP1, and their corresponding Leap versions.
Fix added to qemu about to be submitted for openSUSE:Factory and SLE15-SP1.
Fix added to qemu packages for the following releases: SLE12-SP1, SLE12-SP2, SLE12-SP3, SLE12-SP4, SLE15. That should be all the needed SLE releases.
Fixed.
SUSE-SU-2019:0423-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.20.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): qemu-2.11.2-9.20.1, qemu-linux-user-2.11.2-9.20.1
SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.20.1
SUSE-SU-2019:0435-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src): qemu-2.11.2-5.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src): qemu-2.11.2-5.8.1
SUSE-SU-2019:0471-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 1116717,1117275,1119493,1123156
CVE References: CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src): qemu-2.3.1-33.20.1
SUSE-SU-2019:0489-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 1084604,1113231,1116717,1117275,1119493,1123156
CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778
Sources used:
SUSE OpenStack Cloud 7 (src): qemu-2.6.2-41.49.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): qemu-2.6.2-41.49.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): qemu-2.6.2-41.49.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.49.1
SUSE Enterprise Storage 4 (src): qemu-2.6.2-41.49.1
openSUSE-SU-2019:0254-1: An update that solves 5 vulnerabilities and has 7 fixes is now available.
Category: security (important)
Bug References: 1063993,1079730,1100408,1101982,1112646,1114957,1116717,1117275,1119493,1121600,1123156,1123179
CVE References: CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.18.1, qemu-linux-user-2.11.2-lp150.7.18.1, qemu-testsuite-2.11.2-lp150.7.18.1
SUSE-SU-2019:0582-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156
CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src): qemu-2.9.1-6.28.1
SUSE Linux Enterprise Desktop 12-SP3 (src): qemu-2.9.1-6.28.1
SUSE CaaS Platform ALL (src): qemu-2.9.1-6.28.1
SUSE CaaS Platform 3.0 (src): qemu-2.9.1-6.28.1
openSUSE-SU-2019:1074-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1056334,1056386,1084604,1113231,1114957,1116717,1117275,1119493,1121600,1123156
CVE References: CVE-2017-13672,CVE-2017-13673,CVE-2018-16872,CVE-2018-18954,CVE-2018-19364,CVE-2018-19489,CVE-2018-7858,CVE-2019-6778
Sources used:
openSUSE Leap 42.3 (src): qemu-2.9.1-56.1, qemu-linux-user-2.9.1-56.1, qemu-testsuite-2.9.1-56.2
*** NOTE: This information is not intended to be used for external communication, because this may only be a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:0471-2: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 1116717,1117275,1119493,1123156
CVE References: CVE-2018-16872,CVE-2018-19364,CVE-2018-19489,CVE-2019-6778
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src): qemu-2.3.1-33.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.