Bug 1165776 (CVE-2019-20382) - VUL-0: CVE-2019-20382: qemu: memory leak upon VNC disconnect if ZRLE or Tight encoding is enabled
Status: RESOLVED FIXED
Alias: CVE-2019-20382
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/254212/
Whiteboard: CVSSv2:NVD:CVE-2019-20382:2.7:(AV:A/...
Reported: 2020-03-05 09:01 UTC by Wolfgang Frisch
Modified: 2023-07-25 17:33 UTC
Found By: Security Response Team


Description Wolfgang Frisch 2020-03-05 09:01:50 UTC
CVE-2019-20382

A memory leakage flaw was found in the way the VNC display driver of QEMU handled connection disconnect when ZRLE or Tight encoding is enabled. It creates two vncState objects, one of which allocates memory for Zlib's data object. This allocated memory is not freed upon disconnection, resulting in the said memory leakage issue. A user able to connect to the VNC server could use this flaw to leak host memory, leading to a potential DoS scenario.

References:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
https://bugzilla.redhat.com/show_bug.cgi?id=1810390
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20382
Comment 1 Wolfgang Frisch 2020-03-05 12:35:13 UTC
QA REPRODUCER:

# qemu-system-x86_64 -vnc :0
# vncviewer -AutoSelect=0 -PreferredEncoding=Tight [::1]:0

--> If affected, qemu leaks approximately 500 KB of memory per connection. To amplify the test, run vncviewer repeatedly and watch the qemu process' resident memory consumption grow:

# for((i=0;i<100;i++)); do timeout 0.2 vncviewer -AutoSelect=0 -PreferredEncoding=Tight [::1]:0; done
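
To put a number on "watch the resident memory grow" when verifying an updated package, the following added example (not part of the original report) samples VmRSS from /proc/<pid>/status before and after the reproducer loop and reports the average growth per connection. The function names, the 100 kB noise threshold and the embedded status excerpts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): quantify RSS growth of a qemu
# process across the reproducer loop. THRESHOLD_KB is an assumed noise margin.
THRESHOLD_KB=100

# Print the VmRSS value (kB) from /proc/<pid>/status text on stdin.
rss_kb() {
    awk '$1 == "VmRSS:" { print $2; found = 1 } END { if (!found) exit 1 }'
}

# Average RSS growth per connection in kB; shrinkage is reported as 0.
growth_per_conn_kb() {
    before=$1; after=$2; conns=$3
    if [ "$conns" -le 0 ]; then return 2; fi
    delta=$((after - before))
    if [ "$delta" -lt 0 ]; then delta=0; fi
    echo $((delta / conns))
}

# LEAKING when per-connection growth reaches the threshold, else OK.
classify() {
    if [ "$1" -ge "$2" ]; then echo LEAKING; else echo OK; fi
}

# Sample PID's RSS, run the given command (the reproducer loop), sample again.
check_pid() {
    pid=$1; conns=$2; shift 2
    b=$(rss_kb < "/proc/$pid/status") || return 1
    "$@" >/dev/null 2>&1 || true
    a=$(rss_kb < "/proc/$pid/status") || return 1
    per=$(growth_per_conn_kb "$b" "$a" "$conns") || return 1
    echo "pid=$pid before=${b}kB after=${a}kB per_conn=${per}kB $(classify "$per" "$THRESHOLD_KB")"
}

# Constructed /proc status excerpts (not real measurements) for an offline demo.
SAMPLE_BEFORE='Name:   qemu-system-x86
VmRSS:    181200 kB'
SAMPLE_AFTER='Name:   qemu-system-x86
VmRSS:    231300 kB'

b=$(printf '%s\n' "$SAMPLE_BEFORE" | rss_kb)
a=$(printf '%s\n' "$SAMPLE_AFTER" | rss_kb)
per=$(growth_per_conn_kb "$b" "$a" 100)
echo "demo: per_conn=${per}kB $(classify "$per" "$THRESHOLD_KB")"
```

On a test host, call check_pid with the qemu PID, the connection count and the loop from the comment above as the command; an unfixed build should report roughly the 500 KB per connection stated there, a fixed build a value near zero.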
Comment 6 Swamp Workflow Management 2020-04-01 19:16:42 UTC
SUSE-SU-2020:0844-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    qemu-3.1.1.1-9.14.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    qemu-3.1.1.1-9.14.1, qemu-linux-user-3.1.1.1-9.14.1, qemu-testsuite-3.1.1.1-9.14.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    qemu-3.1.1.1-9.14.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-04-01 19:24:12 UTC
SUSE-SU-2020:0845-1: An update that solves 6 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1156642,1156794,1158880,1161066,1162161,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    qemu-3.1.1.1-3.9.1

Comment 8 Swamp Workflow Management 2020-04-07 04:14:19 UTC
openSUSE-SU-2020:0468-1: An update that solves 6 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1123156,1154790,1161066,1162729,1163018,1165776,1166240,1166379
CVE References: CVE-2019-15034,CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-7039,CVE-2020-8608
Sources used:
openSUSE Leap 15.1 (src):    qemu-3.1.1.1-lp151.7.12.1, qemu-linux-user-3.1.1.1-lp151.7.12.1
Comment 10 Bruce Rogers 2020-05-14 22:26:57 UTC
All affected qemu packages are fixed and submitted for maintenance update. Reassigning to security team.
Comment 11 Swamp Workflow Management 2020-05-28 19:13:26 UTC
SUSE-SU-2020:1501-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    qemu-2.11.2-5.26.1

Comment 12 Swamp Workflow Management 2020-06-03 10:15:35 UTC
SUSE-SU-2020:1523-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1123156,1161066,1163018,1165776,1166240,1170940
CVE References: CVE-2019-20382,CVE-2019-6778,CVE-2020-1711,CVE-2020-1983,CVE-2020-7039,CVE-2020-8608
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise Server 15-LTSS (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    qemu-2.11.2-9.36.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    qemu-2.11.2-9.36.1

Comment 13 Alexandros Toptsoglou 2020-07-10 15:01:00 UTC
Done