Bugzilla – Bug 1130675
VUL-0: CVE-2018-20815: qemu: device_tree: heap buffer overflow while loading device tree blob
Last modified: 2022-09-16 12:31:37 UTC
I am forwarding a bug that was received via the oss-security mailing list (see https://seclists.org/oss-sec/2019/q1/194):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load the device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.

Upstream patch:
---------------
-> https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Unless this patch was already cherry-picked (it is not part of the 3.1 release of QEMU), it is not present in any QEMU release that we ship.
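The pre-allocation range check that the upstream fix introduces, written here as an added example in C rather than quoted from QEMU's device_tree.c. The slack constant DT_SLACK, the doubling of the size, and the in-memory image that stands in for the file on disk are assumptions modelled on the description above; the checked size computation is the point, and the hardened loader shows why the check has to run before the arithmetic.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FDT_MAGIC 0xd00dfeedu /* big-endian magic at offset 0 of every DTB */
#define DT_SLACK  10000       /* assumed extra room reserved for fdt edits */

/* Constructed 8-byte DTB header prefix: magic, then totalsize = 8. */
static const uint8_t SAMPLE_DTB[8] = {0xd0, 0x0d, 0xfe, 0xed, 0, 0, 0, 8};

/* Range check done BEFORE the size arithmetic. Without it, a large file
 * size pushes (file_size + DT_SLACK) * 2 past INT_MAX; the wrapped value
 * becomes the allocation size while the full file is still copied in. */
static bool dt_alloc_size(long file_size, int *out)
{
    if (file_size < 0 || file_size > INT_MAX / 2 - DT_SLACK) {
        return false;
    }
    *out = ((int)file_size + DT_SLACK) * 2; /* now provably <= INT_MAX */
    return true;
}

/* image/image_len stand in for the file on disk (assumption for an
 * offline example). Returns a buffer of *sizep bytes, or NULL on error. */
static void *load_device_tree_checked(const uint8_t *image, long image_len,
                                      int *sizep)
{
    int dt_size;
    *sizep = 0;
    if (!dt_alloc_size(image_len, &dt_size) || image_len < 8) {
        return NULL; /* too large to size safely, or too short for a header */
    }
    uint8_t *fdt = calloc(1, (size_t)dt_size);
    if (fdt == NULL) {
        return NULL;
    }
    memcpy(fdt, image, (size_t)image_len); /* fits: dt_size >= 2*image_len */
    uint32_t magic = ((uint32_t)fdt[0] << 24) | ((uint32_t)fdt[1] << 16) |
                     ((uint32_t)fdt[2] << 8) | fdt[3];
    if (magic != FDT_MAGIC) {
        free(fdt);
        return NULL;
    }
    *sizep = dt_size;
    return fdt;
}
```

The rejection threshold is chosen so that the largest accepted file size still yields an allocation of at most INT_MAX bytes, which is the bound the later copy relies on.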
Seems to affect all qemu / kvm versions down to SLE11.
SUSE-SU-2019:1238-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1125721,1126455,1129622,1129962,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-3812,CVE-2019-8934,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Server 12-SP4 (src): qemu-2.11.2-5.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src): qemu-2.11.2-5.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1239-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1125721,1126455,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-3812,CVE-2019-8934,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Module for Server Applications 15 (src): qemu-2.11.2-9.25.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): qemu-2.11.2-9.25.1, qemu-linux-user-2.11.2-9.25.1
SUSE Linux Enterprise Module for Basesystem 15 (src): qemu-2.11.2-9.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1268-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-9824
Sources used:

SUSE OpenStack Cloud 7 (src): qemu-2.6.2-41.52.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src): qemu-2.6.2-41.52.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src): qemu-2.6.2-41.52.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): qemu-2.6.2-41.52.1
SUSE Enterprise Storage 4 (src): qemu-2.6.2-41.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1269-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Server for SAP 12-SP1 (src): qemu-2.3.1-33.23.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src): qemu-2.3.1-33.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:1272-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Server 12-LTSS (src): qemu-2.0.2-48.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1405-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1125721,1126455,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-3812,CVE-2019-8934,CVE-2019-9824
Sources used:

openSUSE Leap 15.0 (src): qemu-2.11.2-lp150.7.22.1
SUSE-SU-2019:14052-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Server 11-SP4-LTSS (src): kvm-1.4.2-60.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:1274-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1118900,1125721,1126455,1129622,1130675,1131955
CVE References: CVE-2018-20815,CVE-2019-3812,CVE-2019-8934,CVE-2019-9824
Sources used:

openSUSE Leap 42.3 (src): qemu-2.9.1-59.1, qemu-linux-user-2.9.1-59.1, qemu-testsuite-2.9.1-59.2
SUSE-SU-2019:14053-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1111331,1129622,1130675
CVE References: CVE-2018-12126,CVE-2018-12127,CVE-2018-12130,CVE-2018-20815,CVE-2019-11091,CVE-2019-9824
Sources used:

SUSE Linux Enterprise Point of Sale 11-SP3 (src): kvm-1.4.2-53.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fixes are submitted via maintenance submission everywhere we need to. Returning to the security team.
Released, closing.